SYMBOLCOMMON_NAMEaka. SYNONYMS
win.pyxie (Back to overview)

PyXie

aka: PyXie RAT

Full-featured Python RAT compiled into an executable.

PyXie RAT functionality includes:
* Man-in-the-middle (MITM) Interception
* Web-injects
* Keylogging
* Credential harvesting
* Network Scanning
* Cookie theft
* Clearing logs
* Recording video
* Running arbitrary payloads
* Monitoring USB drives and exfiltrating data
* WebDav server
* Socks5 proxy
* Virtual Network Connection (VNC)
* Certificate theft
* Inventorying software
* Enumerating the domain with Sharphound

References
2020-11-06Palo Alto Networks Unit 42Ryan Tracey, Drew Schmitt, CRYPSIS
@online{tracey:20201106:indicators:1ec9384, author = {Ryan Tracey and Drew Schmitt and CRYPSIS}, title = {{Indicators of Compromise related to Cobaltstrike, PyXie Lite, Vatet and Defray777}}, date = {2020-11-06}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/vatet-pyxie-defray777/5/}, language = {English}, urldate = {2020-11-12} } Indicators of Compromise related to Cobaltstrike, PyXie Lite, Vatet and Defray777
Cobalt Strike PyXie RansomEXX
2020-11-06Palo Alto Networks Unit 42Ryan Tracey, Drew Schmitt, CRYPSIS
@online{tracey:20201106:last:11cf9f2, author = {Ryan Tracey and Drew Schmitt and CRYPSIS}, title = {{Last, but Not Least: Defray777}}, date = {2020-11-06}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/vatet-pyxie-defray777/3}, language = {English}, urldate = {2020-11-12} } Last, but Not Least: Defray777
PyXie RansomEXX
2020-11-06Palo Alto Networks Unit 42Ryan Tracey, Drew Schmitt, CRYPSIS
@online{tracey:20201106:linking:152fbf2, author = {Ryan Tracey and Drew Schmitt and CRYPSIS}, title = {{Linking Vatet, PyXie and Defray777}}, date = {2020-11-06}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/vatet-pyxie-defray777/4}, language = {English}, urldate = {2020-11-12} } Linking Vatet, PyXie and Defray777
PyXie RansomEXX
2020-11-06Palo Alto Networks Unit 42Ryan Tracey, Drew Schmitt, CRYPSIS
@online{tracey:20201106:when:8e743b9, author = {Ryan Tracey and Drew Schmitt and CRYPSIS}, title = {{When Threat Actors Fly Under the Radar: Vatet, PyXie and Defray777}}, date = {2020-11-06}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/vatet-pyxie-defray777/}, language = {English}, urldate = {2020-11-12} } When Threat Actors Fly Under the Radar: Vatet, PyXie and Defray777
PyXie RansomEXX
2020-11-06Palo Alto Networks Unit 42Ryan Tracey, Drew Schmitt, CRYPSIS
@online{tracey:20201106:next:c911bb5, author = {Ryan Tracey and Drew Schmitt and CRYPSIS}, title = {{Next Up: “PyXie Lite”}}, date = {2020-11-06}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/vatet-pyxie-defray777/2/}, language = {English}, urldate = {2020-11-09} } Next Up: “PyXie Lite”
Defray PyXie
2020SecureworksSecureWorks
@online{secureworks:2020:gold:8050e44, author = {SecureWorks}, title = {{GOLD DUPONT}}, date = {2020}, organization = {Secureworks}, url = {https://www.secureworks.com/research/threat-profiles/gold-dupont}, language = {English}, urldate = {2020-05-23} } GOLD DUPONT
Cobalt Strike Defray PyXie
2019-12-02CylanceRyan Tracey
@online{tracey:20191202:meet:9cac66d, author = {Ryan Tracey}, title = {{Meet PyXie: A Nefarious New Python RAT}}, date = {2019-12-02}, organization = {Cylance}, url = {https://threatvector.cylance.com/en_us/home/meet-pyxie-a-nefarious-new-python-rat.html}, language = {English}, urldate = {2020-02-01} } Meet PyXie: A Nefarious New Python RAT
PyXie

There is no Yara-Signature yet.