China Chopper

China Chopper is a Web Shell hosted on Web servers to provide access back into an enterprise network without relying on an infected system calling back to a remote command and control server. [1] It has been used by several threat groups. [2] [3]

ID: S0020
Aliases: China Chopper
Type: MALWARE
Platforms: Windows

Version: 1.0

Alias Descriptions

| Name | Description |
| --- | --- |
| China Chopper | [2] [3] |

Techniques Used

| Domain | ID | Name | Use |
| --- | --- | --- | --- |
| Enterprise | T1059 | Command-Line Interface | China Chopper is capable of opening a command terminal.[4] |
| Enterprise | T1083 | File and Directory Discovery | China Chopper can list directory contents.[3] |
| Enterprise | T1105 | Remote File Copy | China Chopper can upload and download files.[3] |
| Enterprise | T1071 | Standard Application Layer Protocol | China Chopper executes code using HTTP POST commands.[3] |
| Enterprise | T1100 | Web Shell | The China Chopper backdoor is a Web shell that supports server payloads for many different kinds of server-side scripting languages and contains functionality to access files, connect to a database, and open a virtual command prompt.[1] |

Groups

Groups that use this software:

Leviathan
Threat Group-3390

References