Malware
PLUGGYAPE
According to CERT-UA, this malware establishes a connection to the management server using web sockets and/or MQTT; data is transmitted in JSON format.
PLUGGYAPE is a Python malware family operated by Void Blizzard.
Background
CERT-UA reports that this malware reaches its control server over web sockets and/or MQTT, exchanging data in JSON format. It derives a unique device ID by running basic host details (MAC address, BIOS serial number, disk and processor ID) through SHA-256 and keeping the first 16 bytes. The malware runs program code delivered by the server and stays persistent by adding an entry to the Run key of the operating system registry.
Source: Malpedia (Fraunhofer FKIE).