Peppy

Peppy is a Python-based remote access Trojan, active since at least 2012, with similarities to Crimson.[1]

ID: S0643
Type: MALWARE
Platforms: Windows
Version: 1.0
Created: 07 September 2021
Last Modified: 15 October 2021

Techniques Used

Domain ID Name Use
Enterprise T1059.003 Command and Scripting Interpreter: Windows Command Shell

Peppy has the ability to execute shell commands.[1]

Enterprise T1113 Screen Capture

Peppy can take screenshots on targeted systems.[1]

Enterprise T1071.001 Application Layer Protocol: Web Protocols

Peppy can use HTTP to communicate with C2.[1]

Enterprise T1083 File and Directory Discovery

Peppy can identify specific files for exfiltration.[1]

Enterprise T1020 Automated Exfiltration

Peppy has the ability to automatically exfiltrate files and keylogs.[1]

Enterprise T1105 Ingress Tool Transfer

Peppy can download and execute remote files.[1]

Enterprise T1056.001 Input Capture: Keylogging

Peppy can log keystrokes on compromised hosts.[1]

Groups That Use This Software

ID Name References
G0134 Transparent Tribe [2]

References