Freyja is a Golang, Purple Team agent that compiles into Windows, Linux and macOS x64 executables.
It is a very stripped down verion of the Poseidon payload from @xorrior, @djhohnstein, and @its-a-feature This Freyja instance supports Mythic 3.0 and will be updated as necessary. It does not support Mythic 2.3 and lower.
The agent has mythic_payloadtype_container==0.1.8
PyPi package installed and reports to Mythic as version “12”.
Freyja uses Red Canary’s Atomic Red Team (ART) “executor” concept. Freyja uses these executors to run commands on the vicitm host machines.
Freyja will integrate with the upcoming Mythic Purple Team eXecution Framework (PTXF) to run ART atomics (test cases), custom atomics via yaml files, and atomic chains within fully customizable Purple Team campagins.
Stay tuned for the PTXF!
Current Executors:
When it’s time for you to test out your install or for another user to install your agent, it’s pretty simple. Within Mythic you can run the mythic-cli
binary to install this in one of three ways:
sudo ./mythic-cli install github https://github.com/user/repo
to install the main branchsudo ./mythic-cli install github https://github.com/user/repo branchname
to install a specific branch of that reposudo ./mythic-cli install folder /path/to/local/folder/cloned/from/github
to install from an already cloned down version of an agent repoNow, you might be wondering when should you or a user do this to properly add your agent to their Mythic instance. There’s no wrong answer here, just depends on your preference. The three options are:
sudo ./mythic-cli start agentName
and if that agent has its own special C2 containers, you’ll need to start them too via sudo ./mythic-cli start c2profileName
).sudo ./mythic-cli start
. That script will first stop all of your containers, then start everything back up again. This will also bring in the new agent you just installed.sudo ./mythic-cli start
.The Freyja documentation source code can be found in the documenation-payload/freyja
directory. View the rendered documentation by clicking on Docs -> Agent Documentation in the upper right-hand corner of the Mythic interface.
If you want to build outside of Mythic, you can use the Makefile
included in the project’s agent_code
directory.
You will need to modify the variables at the top of the Makefile to match the C2 profile information you want to build into your agent.
To get all the pieces you need (like UUID and AES key), you need to build the agent within Mythic (or at least kick off an unsuccessful build), then copy that information.
To find the information you need, simply go to the Payloads page and click the blue info icon.
You’ll see the UUID, encryption key, and any other information you need for building to put into your Makefile.
Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…
This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…
The free and open-source security platform SecHub, provides a central API to test software with…
Don't worry if there are any bugs in the tool, we will try to fix…