{
	"id": "564a8137-ac68-481b-9db4-74a90102e2af",
	"created_at": "2026-04-06T00:13:34.705816Z",
	"updated_at": "2026-04-10T03:21:36.315743Z",
	"deleted_at": null,
	"sha1_hash": "c5f6f757081aada6e87debeb2da8ff1611001ae6",
	"title": "GitHub - 7h3w4lk3r/pyback: cross-platform C2 framework in python 2",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 108391,
	"plain_text": "GitHub - 7h3w4lk3r/pyback: cross-platform C2 framework in\r\npython 2\r\nBy 7h3w4lk3r\r\nArchived: 2026-04-05 16:31:32 UTC\r\nPYBACK 2.1.0\r\nObject-oriented FUD (if you keep it that way) cross-platform backdoor and CNC written in python 2 with\r\npost exploitation modules and encrypted communication.\r\nFeatures\r\n. Automated obfuscation and packing with pyarmor and pyinstaller\r\n. Cross-platform modules (of course)\r\n. Direct shell access ( no need to type extra garbage )\r\n. AES encrypted communication\r\n. Command and Control center\r\n. Can execute commands on all sessions at the same time ( AKA Botnet )\r\n. Download/upload files\r\n. Detect virtual machine and sandbox\r\n. Take screenshots\r\n. Dump clipboard\r\n. Keylogger\r\n. Spawn a separate powershell session\r\n. Enable/disable RDP\r\n. Enable/disable UAC\r\n. Easy session interaction and handling\r\n. Windows persistence using registry entries\r\nInstallation\r\nyou can use python native installation or wine\r\nrequirements:\r\npython 2 ,version 2.7.15 or later\r\nto install pyback simply run the setup.py\r\nhttps://github.com/7h3w4lk3r/pyback\r\nPage 1 of 3\n\npython setup.py\r\nor use wine:\r\nwine /root/.wine/drive_c/Python27/python.exe setup.py\r\nUsage\r\nrun the generator script and follow the steps, you can choose to pack and obfuscate the backdoor\r\nautomatically during the config operation.\r\npython generate.py\r\nusing wine:\r\nwine /root/.wine/drive_c/Python27/python.exe generate.py\r\nthe generated backdoor will be saved in the output directory inside pyback folder.\r\nsend the backdoor, start the c2 and wait for connections.\r\npython cnc.py\r\nUsage Tips\r\n. DO NOT USE QUOTES in path names, for example use file name instead of \"file name\" when changing\r\ndirectories with cd\r\n. If you want to upload a file it should be placed in the same directory as the cnc.py file.\r\n. spawn module will spawn a separate shell using powershell for windows, catch it with netcat.\r\n. While using the CNC shell your prompt will be like this: [ CNC ] \u003e\u003e\u003e and it can run local system commands.\r\n. To get a list of all available commands in CNC or backdoor prompt simply type help .\r\n. ANY COMMAND not included in the help banners will be executed as system shell commands so be carefull\r\nwith that.\r\nChangelog\r\nsee changelogs for different versions here\r\nPOC\r\n❗ DO NOT upload this on VirusTotal or anywhere else, I DID IT FOR YOU ❗\r\nUpdated in 23 Apr 2021:\r\nhttps://github.com/7h3w4lk3r/pyback\r\nPage 2 of 3\n\nContact\r\nEmail: bl4ckr4z3r@gmail.com\r\nSource: https://github.com/7h3w4lk3r/pyback\r\nhttps://github.com/7h3w4lk3r/pyback\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://github.com/7h3w4lk3r/pyback"
	],
	"report_names": [
		"pyback"
	],
	"threat_actors": [],
	"ts_created_at": 1775434414,
	"ts_updated_at": 1775791296,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c5f6f757081aada6e87debeb2da8ff1611001ae6.pdf",
		"text": "https://archive.orkl.eu/c5f6f757081aada6e87debeb2da8ff1611001ae6.txt",
		"img": "https://archive.orkl.eu/c5f6f757081aada6e87debeb2da8ff1611001ae6.jpg"
	}
}