Tool: PupyRAT| Names | PupyRAT Pupy | |
| Category | Tools | |
| Type | Backdoor | |
| Description | Pupy is an open-source, cross-platform RAT and post-exploitation framework mainly written in python. Pupy can be loaded from various loaders, including PE EXE, reflective DLL, Linux ELF, pure python, powershell and APK. Most of the loaders bundle an embedded python runtime, python library modules in source/compiled/native forms as well as a flexible configuration. They bootstrap a python runtime environment mostly in-memory for the later stages of pupy to run in. Pupy can communicate using various transports, migrate into processes, load remote python code, python packages and python C-extensions from memory. | |
| Information | <https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations> <https://blog.cyber4sight.com/2017/02/malicious-powershell-script-analysis-indicates-shamoon-actors-used-pupy-rat/> <https://www.fireeye.com/blog/threat-research/2018/12/overruled-containing-a-potentially-destructive-adversary.html> <https://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-attacks-saudi-targets/> <https://github.com/n1nj4sec/pupy> | |
| MITRE ATT&CK | <https://attack.mitre.org/software/S0192/> | |
| Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/elf.pupy> <https://malpedia.caad.fkie.fraunhofer.de/details/py.pupy> <https://malpedia.caad.fkie.fraunhofer.de/details/win.pupy> | |
Last change to this tool card: 14 May 2020
Download this tool card in JSON format
| Changed | Name | Country | Observed | ||
APT groups | |||||
 | APT 33, Elfin, Magnallium |  | 2013-Nov 2019 | ||
| Cutting Kitten, TG-2889 | | 2012-Mar 2016 |  | ||
| Magic Hound, APT 35, Cobalt Gypsy, Charming Kitten | | 2013-Jul 2020 | | ||
3 groups listed (3 APT, 0 other, 0 unknown)
|
Thailand Computer Emergency Response Team (ThaiCERT) Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1234 | |
 |
report@thaicert.or.th | |
 |
Download PGP key | |