SOFTWARE
SOFTWARE
A-B
C-D
E-F
G-H
I-J
K-L
M-N
O-P
Q-R
S-T
U-V
W-X
ASPXSpy
ASPXSpy is a Web shell. It has been modified by Threat Group-3390 actors to create the ASPXTool version. [1]
ID: S0073
Associated Software: ASPXTool
Type: MALWARE
Platforms: Windows
Version: 1.0
Created: 31 May 2017
Last Modified: 17 October 2018
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1100 | Web Shell |
ASPXSpy is a Web shell. The ASPXTool version used by Threat Group-3390 has been deployed to accessible servers running Internet Information Services (IIS).[1] |
Groups That Use This Software
| ID | Name | References |
|---|---|---|
| G0027 | Threat Group-3390 |
Threat Group-3390 has used a modified version of ASPXSpy called ASPXTool.[1] |
| G0014 | Night Dragon | [2] |
| G0087 | APT39 | [3] |
| G0096 | APT41 | [4] |
References
- Dell SecureWorks Counter Threat Unit Threat Intelligence. (2015, August 5). Threat Group-3390 Targets Organizations for Cyberespionage. Retrieved August 18, 2018.
- McAfee® Foundstone® Professional Services and McAfee Labs™. (2011, February 10). Global Energy Cyberattacks: “Night Dragon”. Retrieved February 19, 2018.