Symbol: py.pyramid

Pyramid


According to its author, Pyramid is a post-exploitation framework written in Python, capable of executing offensive tooling from a signed binary (e.g. python.exe) by importing its dependencies in memory. It was created to demonstrate a bypass strategy against EDRs based on some blind-spot assumptions.

References
2025-03-04 | Hunt.io | Hunt.io
Exposing Russian EFF Impersonators: The Inside Story on Stealc & Pyramid C2
Pyramid, Stealc

2025-02-12 | Hunt.io | Hunt.io
Tracking Pyramid C2: Identifying Post-Exploitation Servers in Hunt
Pyramid

2022-08-13 | GitHub (naksyn) | Diego Capriotti
GitHub Repo for Pyramid
Pyramid

There is no YARA signature yet.