SCYTHE: Starting 2019 with Linux and ATT&CK™

The SCYTHE team has been hard at work on our new release and we are proud to present the next major evolution of the SCYTHE Continuous Red Team Automation platform.

What’s New

  • More auto-generated implants
  • Linux support
  • One-Click MITRE ATT&CK Report
  • New Threats in the Threat Catalog
  • New Logging Output Option

Linux Implant Builder

The campaign creation menu now allows you to select an operating system for Linux campaign creation. You will have the SCYTHE automation and ease of use you have come to expect, but the platform will now produce Linux executable to deploy as your own custom malware/agent.


Continuously monitor how well the organization’s risk posture is fortified across the MITRE ATT&CK matrix. In addition to our existing MITRE ATT&CK functionality, SCYTHE now supports a one-click report, showing you which ATT&CK Techniques were utilized in your campaign and summary of the results. This report can be generated at any time, in any campaign, and is another iteration in our integration with MITRE ATT&CK.

New Update to Threat Catalog and More Robust Logging & 3rd-Party Reporting Integration

Stronger 3rd-party reporting integrations enabled by new additional options for logging output. In this release we also included new options for logging output, to support an even greater number of third party reporting integrations, and as usual, we have included some new Threats in the Threat Catalog for you to add to your growing arsonal of vendor and use case specific custom built modules.

We’ve added in APT3 to the Threat Catalog. APT3 is a China-based threat group that researchers have attributed to China’s Ministry of State Security. [1] [2] This group is responsible for the campaigns known as Operation Clandestine Fox, Operation Clandestine Wolf, and Operation Double Tap.[1] [3] It is blamed for using a Remote Access Trojan named Pirpi in attacks against the US and UK. The Trojan is usually delivered through malicious attachments or links in spear-phishing e-mails and the group has a history of innovating new browser-based zero-day exploits. FireEye claims that it is one of the most sophisticated threat groups tracked by their Threat Intelligence arm.

Your Feedback Matters

Your feedback drives the evolution of SCYTHE to be the solution you need.  We cannot overstate how important your feedback is to us and we would love to hear what features and functionality you would want for your Red Team Automation platform. Please drop us a line and don’t hesitate to request a free trial of the newest version release of SCYTHE!