Skip to content

S0643 Peppy

Peppy is a Python-based remote access Trojan, active since at least 2012, with similarities to Crimson.1

Item Value
ID S0643
Associated Names
Version 1.0
Created 07 September 2021
Last Modified 15 October 2021
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1071 Application Layer Protocol -
enterprise T1071.001 Web Protocols Peppy can use HTTP to communicate with C2.1
enterprise T1020 Automated Exfiltration Peppy has the ability to automatically exfiltrate files and keylogs.1
enterprise T1059 Command and Scripting Interpreter -
enterprise T1059.003 Windows Command Shell Peppy has the ability to execute shell commands.1
enterprise T1083 File and Directory Discovery Peppy can identify specific files for exfiltration.1
enterprise T1105 Ingress Tool Transfer Peppy can download and execute remote files.1
enterprise T1056 Input Capture -
enterprise T1056.001 Keylogging Peppy can log keystrokes on compromised hosts.1
enterprise T1113 Screen Capture Peppy can take screenshots on targeted systems.1

Groups That Use This Software

ID Name References
G0134 Transparent Tribe 2