APT / THREAT GROUP
PyXie
3 aliases
Last seen: Mar 17, 2026
Intelligence Profile
Full-featured Python RAT compiled into an executable.
PyXie RAT functionality includes:
* Man-in-the-middle (MITM) Interception
* Web-injects
* Keylogging
* Credential harvesting
* Network Scanning
* Cookie theft
* Clearing logs
* Recording video
* Running arbitrary payloads
* Monitoring USB drives and exfiltrating data
* WebDAV server
* SOCKS5 proxy
* Virtual Network Connection (VNC)
* Certificate theft
* Inventorying software
* Enumerating the domain with Sharphound
Threat Analysis
PyXie is a threat actor of known sophistication and undetermined national origin, engaged in cyber operations; its primary motivation is recorded as unknown.
External References
Quick Facts
Type: APT / Threat Group
Aliases: 3
Also Known As
win.pyxie, PyXie, PyXie RAT
External Intelligence
Malpedia: win.pyxie
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.