ASPXSpy

ASPXSpy is a Web shell. It has been modified by Threat Group-3390 actors to create the ASPXTool version. [1]

ID: S0073
Associated Software: ASPXTool
Type: MALWARE
Platforms: Windows
Version: 1.2
Created: 31 May 2017
Last Modified: 22 September 2022

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1505.003 | Server Software Component: Web Shell | ASPXSpy is a Web shell. The ASPXTool version used by Threat Group-3390 has been deployed to accessible servers running Internet Information Services (IIS).[1] |

Groups That Use This Software

| ID | Name | References |
|---|---|---|
| G0096 | APT41 | [2] |
| G0125 | HAFNIUM | [3] |
| G0027 | Threat Group-3390 | Threat Group-3390 has used a modified version of ASPXSpy called ASPXTool.[1][4] |
| G0087 | APT39 | [5] |

Campaigns

| ID | Name | Description |
|---|---|---|
| C0002 | Night Dragon | During Night Dragon, threat actors deployed ASPXSpy on compromised web servers.[6] |

References