Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-02 11:40:28 UTC
Home > List all groups > List all tools > List all groups using tool Pylot
 Tool: Pylot
Names
Pylot
Travle
Category Malware
Type Backdoor, Info stealer
Description
(Carbon Black) The Pylot (or Travle) malware family appears to be an evolution of the
NetTraveler malware family (which has been linked to attackers out of China by
numerous sources). Over the last year a variant has been observed as a secondary payload
often used in conjunction with malicious carrier files (typically MS Office or Rich Text
Format (RTF) documents).
The Pylot malware has been observed being installed via shellcode from known CVEs in
Office products as well as by malware loaders (or first stage malware variants,
specifically the CMStar malware family). In late 2017 samples of the Pylot family were
submitted, by customers, to the Carbon Black Threat Analysis Unit (TAU) as part of
ongoing investigation.
Information AlienVault OTX Last change to this tool card: 20 April 2020
Download this tool card in JSON format
All groups using tool Pylot
Changed Name Country Observed
APT groups
 Vicious Panda 2015-Mar 2020
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=f5e66c69-d62f-41cd-88da-fbe2d53d1dd3
Page 1 of 2

1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=f5e66c69-d62f-41cd-88da-fbe2d53d1dd3
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=f5e66c69-d62f-41cd-88da-fbe2d53d1dd3
Page 2 of 2