Home >
List all groups >
List all tools > List all groups using tool PupyRAT
Tool: PupyRAT
| Names | PupyRAT
Pupy
pupy |
| Category | Tools |
| Type | Backdoor |
| Description | Pupy is an open-source, cross-platform RAT and post-exploitation framework mainly written in python. Pupy can be loaded from various loaders, including PE EXE, reflective DLL, Linux ELF, pure python, powershell and APK. Most of the loaders bundle an embedded python runtime, python library modules in source/compiled/native forms as well as a flexible configuration. They bootstrap a python runtime environment mostly in-memory for the later stages of pupy to run in. Pupy can communicate using various transports, migrate into processes, load remote python code, python packages and python C-extensions from memory. |
| Information | <https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations>
<https://blog.cyber4sight.com/2017/02/malicious-powershell-script-analysis-indicates-shamoon-actors-used-pupy-rat/>
<https://www.fireeye.com/blog/threat-research/2018/12/overruled-containing-a-potentially-destructive-adversary.html>
<https://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-attacks-saudi-targets/>
<https://github.com/n1nj4sec/pupy>
<https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/>
<https://asec.ahnlab.com/en/64258/> |
| MITRE ATT&CK | <https://attack.mitre.org/software/S0192/> |
| Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/elf.pupy>
<https://malpedia.caad.fkie.fraunhofer.de/details/py.pupy>
<https://malpedia.caad.fkie.fraunhofer.de/details/win.pupy> |
Last change to this tool card: 22 April 2024
Download this tool card in JSON format
Previous: PuppetLoader
Next: Pure Storage FlashArray
All groups using tool PupyRAT
4 groups listed (4 APT, 0 other, 0 unknown)
