js.peckbirdy

PeckBirdy


According to Trend Micro, PeckBirdy is a script-based framework which, while possessing advanced capabilities, is implemented in JScript, an old scripting language. This ensures that the framework can be launched across different execution environments via LOLBins (living-off-the-land binaries). This flexibility allowed PeckBirdy to be used in various kill chain stages: as a watering-hole control server during the initial attack phase, as a reverse shell server during the lateral movement phase, and as a C&C server during the backdoor phase.

References
2026-01-26 | Trend Micro | Joseph C Chen, Ted Lee
PeckBirdy: A Versatile Script Framework for LOLBins Exploitation Used by China-aligned Threat Groups
PeckBirdy GRAYRABBIT

There is no Yara-Signature yet.