Peppy is a Python-based remote access Trojan, active since at least 2012, with similarities to Crimson.[1]

ID: S0643
Platforms: Windows
Version: 1.0
Created: 07 September 2021
Last Modified: 15 October 2021

Techniques Used

Domain ID Name Use
Enterprise T1071 .001 Application Layer Protocol: Web Protocols

Peppy can use HTTP to communicate with C2.[1]

Enterprise T1020 Automated Exfiltration

Peppy has the ability to automatically exfiltrate files and keylogs.[1]

Enterprise T1059 .003 Command and Scripting Interpreter: Windows Command Shell

Peppy has the ability to execute shell commands.[1]

Enterprise T1083 File and Directory Discovery

Peppy can identify specific files for exfiltration.[1]

Enterprise T1105 Ingress Tool Transfer

Peppy can download and execute remote files.[1]

Enterprise T1056 .001 Input Capture: Keylogging

Peppy can log keystrokes on compromised hosts.[1]

Enterprise T1113 Screen Capture

Peppy can take screenshots on targeted systems.[1]

Groups That Use This Software

ID Name References
G0134 Transparent Tribe