Derp.ca

pupy

Also known as: Patpoopy

Pupy is an open-source, cross-platform RAT and post-exploitation framework mainly written in python. Pupy can be loaded from various loaders, including PE EXE, reflective DLL, Linux ELF, pure python, powershell and APK. Most of the loaders bundle an embedded python runtime, python library modules in source/compiled/native forms as well as a flexible configuration. They bootstrap a python runtime environment mostly in-memory for the later stages of pupy to run in. Pupy can communicate using various transports, migrate into processes, load remote python code, python packages and python C-extensions from memory.

Linked Threat Actors

APT33APT35OilRigRocket Kitten

C2 Infrastructure

Hosting/VPS100%

Last 7 days

Mar 17, 2026
C2 Hosts: 1

Further Reading

Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.

Although heavily focused on the Middle East, Elfin (aka APT33) has also targeted a range of organizations in the U.S. including a number of major corporations.

symantec-blogs.broadcom.com
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.

Although heavily focused on the Middle East, Elfin (aka APT33) has also targeted a range of organizations in the U.S. including a number of major corporations.

symantec.com
DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach

Volexity frequently works with individuals and organizations heavily targeted by sophisticated, motivated, and well-equipped threat actors from around the world. Some of these individuals or organi...

volexity.com