Like Sliver, Mythic is a free-to-use, open-source tool. Written predominantly in Python, Mythic provides cross-platform payload creation options (Linux, MacOS, and Windows). With an active development community, and ‘plug-n-play’ functionality for its various (also open-source) agents, the technical entry barrier for users is comparatively low.
Mythic is therefore attractive to threat actors of varying skill sets; for the lower-skilled actor the ‘plug-n-play’ capabilities mean they can use the framework and additional agents ‘off-the-shelf’. In the case of higher-skilled actors, the framework’s flexibility for customization might be used to evade detection mechanisms based on ‘known’ fingerprints.
Reviewing the currently online Mythic servers, most of them (90%) fit a ‘default’ profile, with details for the web portal port, SSL certificate, etc. having not been altered from the ‘out-of-the-box’ settings.