Mystikal v2.2.13 releases: macOS Initial Access Payload Generator
Mystikal is a macOS payload generator integrated with Mythic. Mystikal leverages Mythic scripting to log in and creates the necessary payload for the selected initial access method. Mystikal creates an Apfell or Leviathan payload depending on the chosen initial access method.
A common payload used for initial access is the installer package. These packages are eXtensible ARchiver (XAR) archives that conform to a specific folder structure and have a .pkg file extension. The closest Windows comparison is the Windows installer, which typically has the .msi file extension. As with Windows installers, executing an installer package typically presents the end-user with an install wizard.
Within the InstallerJS API is the system.run call, which can execute system commands. The Silver Sparrow malware recently used this method. By abusing the distribution XML file, attackers can perform the same tasks that are typically done in preinstall / postinstall scripts. The benefit of this method is that it makes it slightly harder to see what actions the installer package is performing. Additionally, because of when the distribution XML file is evaluated, the installer package does not need to finish the installation process for execution to occur.
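For defenders triaging a suspicious .pkg, the point above (InstallerJS running from the Distribution XML before the install completes) suggests a simple check: expand the package and look for system.run calls inside the Distribution file's script element, and note whether the enclosing JavaScript function is wired to an installation-check or volume-check hook. The following is an added example written for this article, not code from Mystikal or Mythic; the Distribution XML it scans is a constructed sample, and the function names are the example's own.

```python
"""Flag InstallerJS system.run() calls in a package's Distribution XML.

Added defender-side example; not part of Mystikal or Mythic. It assumes the
Distribution file has already been extracted from the .pkg (see usage note).
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample Distribution XML: the JavaScript block is wired to the
# installation-check hook, so it is evaluated before the wizard finishes.
SAMPLE_DISTRIBUTION = """<installer-gui-script minSpecVersion="1">
    <title>Constructed Sample</title>
    <options customize="never"/>
    <installation-check script="pm_install_check();"/>
    <script>
function pm_install_check() {
    system.run('/usr/bin/true');
    return true;
}
    </script>
    <choices-outline>
        <line choice="default"/>
    </choices-outline>
    <choice id="default" title="Default"/>
</installer-gui-script>
"""

SYSTEM_RUN_RE = re.compile(r"system\.run\s*\(")
FUNC_DEF_RE = re.compile(r"function\s+(\w+)\s*\(")
HOOK_CALL_RE = re.compile(r"(\w+)\s*\(")
# Hooks the installer evaluates before any files are written.
EARLY_HOOKS = ("installation-check", "volume-check")


def early_hook_functions(root):
    """Map each early hook element to the JS function names it invokes."""
    hooks = {}
    for tag in EARLY_HOOKS:
        for el in root.iter(tag):
            attr = el.get("script") or ""
            hooks.setdefault(tag, set()).update(HOOK_CALL_RE.findall(attr))
    return hooks


def find_system_run_calls(distribution_xml):
    """Return one finding per system.run( occurrence in any <script> element.

    Each finding records the line inside the script body, the enclosing JS
    function (if any) and whether that function is reachable from an early
    hook, i.e. it runs before the user completes the installation.
    """
    root = ET.fromstring(distribution_xml)
    hooked = set().union(*early_hook_functions(root).values())
    findings = []
    for script_el in root.iter("script"):
        body = script_el.text or ""
        lines = body.splitlines()
        for m in SYSTEM_RUN_RE.finditer(body):
            # Nearest preceding "function name(" is treated as the enclosing function.
            defs = [d for d in FUNC_DEF_RE.finditer(body) if d.start() < m.start()]
            enclosing = defs[-1].group(1) if defs else None
            lineno = body.count("\n", 0, m.start()) + 1
            findings.append({
                "line": lineno,
                "code": lines[lineno - 1].strip(),
                "function": enclosing,
                "runs_before_install": enclosing in hooked,
            })
    return findings


def is_suspicious(distribution_xml):
    """True when any system.run call is present in the Distribution XML."""
    return bool(find_system_run_calls(distribution_xml))


if __name__ == "__main__":
    for f in find_system_run_calls(SAMPLE_DISTRIBUTION):
        print(f)
```

On macOS, `pkgutil --expand suspicious.pkg outdir` unpacks a distribution package and leaves the Distribution file at the top of `outdir`; feed its contents to `find_system_run_calls`. A hit whose `runs_before_install` is true is exactly the case the paragraph describes: code that executes even if the user cancels before the install finishes, and that never appears in the preinstall or postinstall scripts a reviewer would normally inspect.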
- Merge pull request #107 from its-a-feature/2.2-updates
- added in a few more pages for the new ui, updated mythic-cli to include…
git clone https://github.com/D00MFist/Mystikal.git
sudo pip3 install -r requirements.txt
Copyright (c) 2021, D00MFist
All rights reserved.