Pupy
The MITRE Corporation
· Published 16/12/2025 19:37 · Modified 27/03/2026 01:07
Essential information
- Confidence: 100/100
- Published: 16/12/2025 19:37
- Modified: 27/03/2026 01:07
- Revoked: No
- Author / Source: The MITRE Corporation
- Related entities: 42 attack patterns (mitre), 2 intrusion sets (apt), 1 reports
Description
[Pupy](https://attack.mitre.org/software/S0192) is an open source, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool. (Citation: GitHub Pupy) It is written in Python and can be generated as a payload in several different ways (Windows exe, Python file, PowerShell oneliner/file, Linux elf, APK, Rubber Ducky, etc.). (Citation: GitHub Pupy) [Pupy](https://attack.mitre.org/software/S0192) is publicly available on GitHub. (Citation: GitHub Pupy)
Marking (TLP)
Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets, tools and other entities linked to this tool.
Attack patterns (MITRE) (42)
- T1550.003 uses Pass the Ticket
- T1059.006 uses Python
- T1136.001 uses Local Account
- T1003.005
- T1125 uses Video Capture
- T1123 uses Audio Capture
- T1555 uses Credentials from Password Stores
- T1547.001 uses Registry Run Keys / Startup Folder
- T1547.013 uses XDG Autostart Entries
- T1557.001 uses LLMNR/NBT-NS Poisoning and SMB Relay
- T1134.001 uses Token Impersonation/Theft
- T1114.001 uses Local Email Collection
- LSA Secrets uses
- T1056.001 uses Keylogging
- T1497.001 uses System Checks
- T1041 uses Exfiltration Over C2 Channel
- T1113 uses Screen Capture
- T1543.002 uses Systemd Service
- T1087.001 uses Local Account
- T1135 uses Network Share Discovery
- T1136.002 uses Domain Account
- T1082 uses System Information Discovery
- T1555.003 uses Credentials from Web Browsers
- T1016 uses System Network Configuration Discovery
- T1083 uses File and Directory Discovery
- T1070.001 uses Clear Windows Event Logs
- T1071.001 uses Web Protocols
- T1573.002 uses Asymmetric Cryptography
- T1552.001 uses Credentials In Files
- T1569.002 uses Service Execution
- T1105 uses Ingress Tool Transfer
- T1003.001 uses LSASS Memory
- T1560.001 uses Archive via Utility
- T1057 uses Process Discovery
- T1548.002 uses Bypass User Account Control
- T1055.001 uses Dynamic-link Library Injection
- T1049 uses System Network Connections Discovery
- T1021.001 uses Remote Desktop Protocol
- T1046 uses Network Service Discovery
- T1059.001 uses PowerShell
- T1033 uses System Owner/User Discovery
Intrusion sets (APT) (2)
- The MITRE Corporation · Confidence 100
  [APT33](https://attack.mitre.org/groups/G0064) is a suspected Iranian threat group that has carried out operations since at least 2013. The group has targeted organizations across multiple industries in the United States, …
  First seen 01/01/1970 · Last seen 16/11/5138 · Published 16/12/2025 19:39 · Modified 27/03/2026 01:14
- The MITRE Corporation · Confidence 100
  [Magic Hound](https://attack.mitre.org/groups/G0059) is an Iranian-sponsored threat group that conducts long term, resource-intensive cyber espionage operations, likely on behalf of the Islamic Revolutionary Guard Corps. They have targeted European, …
  First seen 01/01/1970 · Last seen 16/11/5138 · Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
Reports (1)
- Confidence 100 · 18 CVEs · 200 MITREs · 200 Malwares · 20 APTs · 26 Tools · Published 29/05/2026 11:51 · threat-report