Software: China Chopper

From ATT&CK
Jump to: navigation, search
China Chopper
Software
ID S0020
Aliases China Chopper
Type Malware
Windows built-in software No

China Chopper is a Web shell hosted on Web servers to provide access back into an enterprise network that does not rely on an infected system calling back to a remote command and control server.1 It has been used by several threat groups, including Threat Group-3390.2

Techniques Used

  • Web Shell - The China Chopper backdoor is a Web shell that supports server payloads for many different kinds of server-side scripting languages and contains functionality to access files, connect to a database, and open a virtual command prompt.1

Groups

The following groups use this software: