APT / THREAT GROUP

PyXie

3 aliases

Last seen: Mar 17, 2026

Intelligence Profile

Full-featured Python RAT compiled into an executable.

PyXie RAT functionality includes:

* Man-in-the-middle (MITM) Interception

* Web-injects

* Keylogging

* Credential harvesting

* Network Scanning

* Cookie theft

* Clearing logs

* Recording video

* Running arbitrary payloads

* Monitoring USB drives and exfiltrating data

* WebDAV server

* SOCKS5 proxy

* Virtual Network Connection (VNC)

* Certificate theft

* Inventorying software

* Enumerating the domain with SharpHound

Threat Analysis

PyXie is a threat actor of known sophistication and undetermined national origin, engaged in cyber operations. Its primary motivation and activity patterns are unknown.

Quick Facts

Type: APT / Threat Group
Aliases: 3

Also Known As

* win.pyxie

* PyXie

* PyXie RAT

External Intelligence

Malpedia: win.pyxie

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.