{
	"id": "59c92355-2534-4b69-88d9-d41b8b40656b",
	"created_at": "2026-04-06T00:10:07.813423Z",
	"updated_at": "2026-04-10T03:22:09.995965Z",
	"deleted_at": null,
	"sha1_hash": "af2852ed4efbec06f5235ce2f06ee8e70878a5f1",
	"title": "Peppy RAT (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 29237,
	"plain_text": "Peppy RAT (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 17:51:43 UTC\r\nPeppy is a Python-based RAT with the majority of its appearances having similarities or definite overlap with\r\nMSIL/Crimson appearances. Peppy communicates to its C\u0026C over HTTP and utilizes SQLite for much of its\r\ninternal functionality and tracking of exfiltrated files. The primary purpose of Peppy may be the automated\r\nexfiltration of potentially interesting files and keylogs. Once Peppy successfully communicates to its C\u0026C, the\r\nkeylogging and exfiltration of files using configurable search parameters begins. Files are exfiltrated using HTTP\r\nPOST requests.\r\n[TLP:WHITE] win_peppy_rat_auto (20201014 | autogenerated rule brought to you by yara-signator)\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.peppy_rat\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.peppy_rat\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/win.peppy_rat"
	],
	"report_names": [
		"win.peppy_rat"
	],
	"threat_actors": [],
	"ts_created_at": 1775434207,
	"ts_updated_at": 1775791329,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/af2852ed4efbec06f5235ce2f06ee8e70878a5f1.pdf",
		"text": "https://archive.orkl.eu/af2852ed4efbec06f5235ce2f06ee8e70878a5f1.txt",
		"img": "https://archive.orkl.eu/af2852ed4efbec06f5235ce2f06ee8e70878a5f1.jpg"
	}
}