ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool PupyRAT

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: PupyRAT

NamesPupyRAT
Pupy
pupy
CategoryTools
TypeBackdoor
DescriptionPupy is an open-source, cross-platform RAT and post-exploitation framework mainly written in python. Pupy can be loaded from various loaders, including PE EXE, reflective DLL, Linux ELF, pure python, powershell and APK. Most of the loaders bundle an embedded python runtime, python library modules in source/compiled/native forms as well as a flexible configuration. They bootstrap a python runtime environment mostly in-memory for the later stages of pupy to run in. Pupy can communicate using various transports, migrate into processes, load remote python code, python packages and python C-extensions from memory.
Information<https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations>
<https://blog.cyber4sight.com/2017/02/malicious-powershell-script-analysis-indicates-shamoon-actors-used-pupy-rat/>
<https://www.fireeye.com/blog/threat-research/2018/12/overruled-containing-a-potentially-destructive-adversary.html>
<https://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-attacks-saudi-targets/>
<https://github.com/n1nj4sec/pupy>
<https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/>
<https://asec.ahnlab.com/en/64258/>
MITRE ATT&CK<https://attack.mitre.org/software/S0192/>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/elf.pupy>
<https://malpedia.caad.fkie.fraunhofer.de/details/py.pupy>
<https://malpedia.caad.fkie.fraunhofer.de/details/win.pupy>

Last change to this tool card: 22 April 2024

Download this tool card in JSON format

All groups using tool PupyRAT

ChangedNameCountryObserved

APT groups

 APT 33, Elfin, MagnalliumIran2013-Apr 2024 
 Cutting Kitten, TG-2889Iran2012-Mar 2016X
 LightBasin[Unknown]2016 
 Magic Hound, APT 35, Cobalt Illusion, Charming KittenIran2012-Aug 2024 HOTX

4 groups listed (4 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]