Peppy - S0643 (6c2550d5-a01a-4bbb-a004-6ead348ba623)

Peppy is a Python-based remote access Trojan, active since at least 2012, with similarities to Crimson.(Citation: Proofpoint Operation Transparent Tribe March 2016)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Peppy - S0643 (6c2550d5-a01a-4bbb-a004-6ead348ba623)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	1
Peppy - S0643 (6c2550d5-a01a-4bbb-a004-6ead348ba623)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	1
Peppy - S0643 (6c2550d5-a01a-4bbb-a004-6ead348ba623)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	1
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	Peppy - S0643 (6c2550d5-a01a-4bbb-a004-6ead348ba623)	Malware	1
Peppy - S0643 (6c2550d5-a01a-4bbb-a004-6ead348ba623)	Malware	Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9)	Attack Pattern	1
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Peppy - S0643 (6c2550d5-a01a-4bbb-a004-6ead348ba623)	Malware	1
Peppy - S0643 (6c2550d5-a01a-4bbb-a004-6ead348ba623)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	1
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2