{
	"id": "eb1f749b-1ad3-4ab2-b67d-0a56f4da5e57",
	"created_at": "2026-04-06T00:08:45.433411Z",
	"updated_at": "2026-04-10T13:11:34.59716Z",
	"deleted_at": null,
	"sha1_hash": "c56e5c6d4d0c63a7d62c31e1b3b0b654910074a7",
	"title": "pupy (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 27604,
	"plain_text": "pupy (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 14:21:22 UTC\r\npupy\r\nPupy is an open-source, cross-platform RAT and post-exploitation framework mainly written in python. Pupy can\r\nbe loaded from various loaders, including PE EXE, reflective DLL, Linux ELF, pure python, powershell and APK.\r\nMost of the loaders bundle an embedded python runtime, python library modules in source/compiled/native forms\r\nas well as a flexible configuration. They bootstrap a python runtime environment mostly in-memory for the later\r\nstages of pupy to run in. Pupy can communicate using various transports, migrate into processes, load remote\r\npython code, python packages and python C-extensions from memory.\r\nReferences\r\nThere is no Yara-Signature yet.\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/elf.pupy\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.pupy\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/elf.pupy"
	],
	"report_names": [
		"elf.pupy"
	],
	"threat_actors": [],
	"ts_created_at": 1775434125,
	"ts_updated_at": 1775826694,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c56e5c6d4d0c63a7d62c31e1b3b0b654910074a7.pdf",
		"text": "https://archive.orkl.eu/c56e5c6d4d0c63a7d62c31e1b3b0b654910074a7.txt",
		"img": "https://archive.orkl.eu/c56e5c6d4d0c63a7d62c31e1b3b0b654910074a7.jpg"
	}
}