
Threat Group Cards: A Threat Actor Encyclopedia

Tool: PupyRAT

Names: PupyRAT, Pupy
Category: Tools
Type: Backdoor
Description: Pupy is an open-source, cross-platform RAT and post-exploitation framework mainly written in Python. Pupy can be loaded from various loaders, including PE EXE, reflective DLL, Linux ELF, pure Python, PowerShell and APK. Most of the loaders bundle an embedded Python runtime, Python library modules in source/compiled/native forms as well as a flexible configuration. They bootstrap a Python runtime environment mostly in-memory for the later stages of Pupy to run in. Pupy can communicate using various transports, migrate into processes, load remote Python code, Python packages and Python C-extensions from memory.
Information:
<https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations>
<https://blog.cyber4sight.com/2017/02/malicious-powershell-script-analysis-indicates-shamoon-actors-used-pupy-rat/>
<https://www.fireeye.com/blog/threat-research/2018/12/overruled-containing-a-potentially-destructive-adversary.html>
<https://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-attacks-saudi-targets/>
<https://github.com/n1nj4sec/pupy>
MITRE ATT&CK:
<https://attack.mitre.org/software/S0192/>
Malpedia:
<https://malpedia.caad.fkie.fraunhofer.de/details/elf.pupy>
<https://malpedia.caad.fkie.fraunhofer.de/details/py.pupy>
<https://malpedia.caad.fkie.fraunhofer.de/details/win.pupy>

Last change to this tool card: 14 May 2020


All groups using tool PupyRAT

APT groups

| Changed | Name | Country | Observed | |
|---|---|---|---|---|
| | APT 33, Elfin, Magnallium | Iran | 2013-Nov 2019 | |
| | Cutting Kitten, TG-2889 | Iran | 2012-Mar 2016 | X |
| | Magic Hound, APT 35, Cobalt Gypsy, Charming Kitten | Iran | 2013-Jul 2020 | X |

3 groups listed (3 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency