S0020 China Chopper

Platforms: 1 · ATT&CK: 14.1 · References: 6

Description

[China Chopper](https://attack.mitre.org/software/S0020) is a [Web Shell](https://attack.mitre.org/techniques/T1505/003) hosted on Web servers to provide access back into an enterprise network that does not rely on an infected system calling back to a remote command and control server.(Citation: Lee 2013) It has been used by several threat groups.(Citation: Dell TG-3390)(Citation: FireEye Periscope March 2018)(Citation: CISA AA21-200A APT40 July 2021)(Citation: Rapid7 HAFNIUM Mar 2021)

Platforms · 1

Windows

Uses · 1

| Type | Target | Confidence | Tier |
|---|---|---|---|
| SubTechnique | Web Shell t1505.003 | 100% | live |

References

  1. https://attack.mitre.org/software/S0020
  2. https://us-cert.cisa.gov/ncas/alerts/aa21-200a
  3. https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
  4. https://www.rapid7.com/blog/post/2021/03/23/defending-against-the-zero-day-analyzing-attacker-behavior-post-exploitation-of-microsoft-exchange/
  5. https://www.fireeye.com/blog/threat-research/2018/03/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries.html
  6. https://www.fireeye.com/blog/threat-research/2013/08/breaking-down-the-china-chopper-web-shell-part-i.html

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  - Sub-technique: Web Shell
  - Actor: HURRICANE PANDA
  - Software: CHOPSTICK
  - Software: BlackMould
  - Software: HTTPBrowser
  - Software: Chaos

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.