Skip to content

S0073 ASPXSpy

ASPXSpy is a Web shell. It has been modified by Threat Group-3390 actors to create the ASPXTool version. 1

Item Value
ID S0073
Associated Names
Type MALWARE
Version 1.1
Created 31 May 2017
Last Modified 30 March 2020
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1505 Server Software Component -
enterprise T1505.003 Web Shell ASPXSpy is a Web shell. The ASPXTool version used by Threat Group-3390 has been deployed to accessible servers running Internet Information Services (IIS).1

Groups That Use This Software

ID Name References
G0096 APT41 2
G0027 Threat Group-3390 Threat Group-3390 has used a modified version of ASPXSpy called ASPXTool.13
G0087 APT39 4
G0014 Night Dragon 5
G0125 HAFNIUM 6

References

Back to top