Pupy
MITRE
Malware Type:
Tool
Tool
First seen:
Unknown
Unknown
Last seen:
Unknown
Unknown
Details:
[Pupy](https://attack.mitre.org/software/S0192) is an open source, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool. (Citation: GitHub Pupy) It is written in Python and can be generated as a payload in several different ways (Windows exe, Python file, PowerShell oneliner/file, Linux elf, APK, Rubber Ducky, etc.). (Citation: GitHub Pupy) [Pupy](https://attack.mitre.org/software/S0192) is publicly available on GitHub. (Citation: GitHub Pupy)
Associated Techniques (41)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1003.001 | LSASS Memory | - |
| T1003.004 | LSA Secrets | - |
| T1003.005 | Cached Domain Credentials | - |
| T1016 | System Network Configuration Discovery | - |
| T1021.001 | Remote Desktop Protocol | - |
| T1033 | System Owner/User Discovery | - |
| T1041 | Exfiltration Over C2 Channel | - |
| T1046 | Network Service Discovery | - |
| T1049 | System Network Connections Discovery | - |
| T1055.001 | Dynamic-link Library Injection | - |
| T1056.001 | Keylogging | - |
| T1057 | Process Discovery | - |
| T1059.001 | PowerShell | - |
| T1059.006 | Python | - |
| T1070.001 | Clear Windows Event Logs | - |
Used by Actors (2)
Metadata
| ID: | 771 |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |