Skip to content

S0073 ASPXSpy

ASPXSpy is a Web shell. It has been modified by Threat Group-3390 actors to create the ASPXTool version. 1

Item Value
ID S0073
Associated Names
Type MALWARE
Version 1.2
Created 31 May 2017
Last Modified 22 September 2022
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1505 Server Software Component -
enterprise T1505.003 Web Shell ASPXSpy is a Web shell. The ASPXTool version used by Threat Group-3390 has been deployed to accessible servers running Internet Information Services (IIS).1

Groups That Use This Software

ID Name References
G0096 APT41 3
G0125 HAFNIUM 4
G0087 APT39 5
G0027 Threat Group-3390 Threat Group-3390 has used a modified version of ASPXSpy called ASPXTool.16

References