Register to stream ATT&CKcon 2.0 October 29-30

ASPXSpy

ASPXSpy is a Web shell. It has been modified by Threat Group-3390 actors to create the ASPXTool version. [1]

ID: S0073
Associated Software: ASPXTool
Type: MALWARE
Platforms: Windows
Version: 1.0

Techniques Used

Domain ID Name Use
Enterprise T1100 Web Shell ASPXSpy is a Web shell. The ASPXTool version used by Threat Group-3390 has been deployed to accessible servers running Internet Information Services (IIS). [1]

Groups That Use This Software

ID Name References
G0027 Threat Group-3390 [1]
G0014 Night Dragon [2]
G0087 APT39 [3]

References