Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1071 | .001 | Application Layer Protocol: Web Protocols |
China Chopper's server component executes code sent via HTTP POST commands.[3] |
Enterprise | T1110 | .001 | Brute Force: Password Guessing |
China Chopper's server component can perform brute force password guessing against authentication portals.[3] |
Enterprise | T1059 | .003 | Command and Scripting Interpreter: Windows Command Shell |
China Chopper's server component is capable of opening a command terminal.[6][1][7] |
Enterprise | T1005 | Data from Local System |
China Chopper's server component can upload local files.[3][1][7][5] |
|
Enterprise | T1083 | File and Directory Discovery |
China Chopper's server component can list directory contents.[3][5] |
|
Enterprise | T1070 | .006 | Indicator Removal: Timestomp |
China Chopper's server component can change the timestamp of files.[3][1][7] |
Enterprise | T1105 | Ingress Tool Transfer |
China Chopper's server component can download remote files.[3][1][7][5][8] |
|
Enterprise | T1046 | Network Service Discovery |
China Chopper's server component can spider authentication portals.[3] |
|
Enterprise | T1027 | .002 | Obfuscated Files or Information: Software Packing |
China Chopper's client component is packed with UPX.[1] |
Enterprise | T1505 | .003 | Server Software Component: Web Shell |
China Chopper's server component is a Web Shell payload.[1] |
ID | Name | References |
---|---|---|
G0093 | GALLIUM | |
G0135 | BackdoorDiplomacy | |
G0117 | Fox Kitten | |
G0027 | Threat Group-3390 | |
G0096 | APT41 |
APT41 used the |
G1022 | ToddyCat | |
G0125 | HAFNIUM | |
G0065 | Leviathan |