ASPXSpy is a Web shell. It has been modified by Threat Group-3390 actors to create the ASPXTool version. 
ASPXSpy is a Web shell. The ASPXTool version used by Threat Group-3390 has been deployed to accessible servers running Internet Information Services (IIS).
Threat Group-3390 has used a modified version of ASPXSpy called ASPXTool.
During Night Dragon, threat actors deployed ASPXSpy on compromised web servers.