ASPXSpy is a Web shell. It has been modified by Threat Group-3390 actors to create the ASPXTool version. [1]

ID: S0073
Associated Software: ASPXTool
Platforms: Windows
Version: 1.1
Created: 31 May 2017
Last Modified: 30 March 2020

Techniques Used

Domain ID Name Use
Enterprise T1505 .003 Server Software Component: Web Shell

ASPXSpy is a Web shell. The ASPXTool version used by Threat Group-3390 has been deployed to accessible servers running Internet Information Services (IIS).[1]

Groups That Use This Software

ID Name References
G0027 Threat Group-3390

Threat Group-3390 has used a modified version of ASPXSpy called ASPXTool.[1]

G0014 Night Dragon


G0087 APT39


G0096 APT41