Mythic C2: Threat Intelligence Profile

Mythic C2 (also known as Mythic) is a c2 framework active since 2020. Extensible multi-platform C2 framework. Key characteristics include: multi-agent (Apollo, Poseidon, Medusa), Docker-based, extensible via Mythic agents, red team standard.

Overview & Background

Extensible multi-platform C2 framework. First identified in 2020, this threat is attributed to Open source.

• Category: C2 Framework
• Active since: 2020
• Attribution: Open source
• Also known as: Mythic

Technical Analysis

Mythic C2 employs the following capabilities and techniques:

• Multi-Agent (Apollo: Core functionality
• Poseidon: Core functionality
• Medusa): Core functionality
• Docker-Based: Core functionality
• Extensible Via Mythic Agents: Core functionality
• Red Team Standard: Core functionality

MITRE ATT&CK Mapping

Detection & Defense

• Endpoint detection: Deploy behavioral detection rules for Mythic C2 indicators
• Network monitoring: Monitor for C2 traffic patterns and anomalous connections
• Threat intelligence: Track Mythic C2 IOCs and campaign updates
• Security awareness: Train users to recognize phishing and social engineering
• Patch management: Keep systems updated to prevent exploitation