Mythic has a lot of macOS agents to choose from! Each has pros and cons, covered on this page. The following table briefly describes the tested agents that support Intel (x64) and M-series (ARM64) Mac devices.

| Name | Language | SOCKS Proxy | C2 Channels |
|---|---|---|---|
| Apfell | JXA | ❌ | HTTP |
| hermes | Swift | ❌ | HTTP |
| Leviathan | JavaScript (Chrome Extension) | ❌ | Websockets |
| poseidon | Golang | ✅ | HTTP, TCP, Websockets |

- The poseidon agent is usually the best option. It has the most functionality of these agents. It has a built-in capability to obfuscate with Garble, which is usually enough to bypass EDR.
- Apfell and Leviathan are the only agents compatible with Mystikal, the recommended initial access payload generator. If you need to phish a user or perform payload testing for the macOS C2, use these.
- I haven’t found a good reason to use hermes over any of the other agents, but it works and has a good set of functionality.