Aspxtool

Malware updated 15 days ago (2024-11-29T14:46:39.288Z)
Download STIX
Preview STIX
ASPXTool is a type of malware, specifically a modified version of the ASPXSpy web shell. This malicious software is designed to infiltrate and exploit computer systems, often entering undetected through suspicious downloads, emails, or websites. Once inside a system, it can steal personal information, disrupt operations, or hold data hostage for ransom. The TG-3390 threat actors have been known to leverage existing ASPXTool web shells in their operations, typically opting to issue commands via an internally accessible web shell rather than using HttpBrowser or PlugX. The ASPXTool malware is particularly used to facilitate lateral movement within a network. It's deployed to internally accessible systems running Internet Information Services (IIS), which allows the adversaries to gain access to servers inside a target's network. This IIS-specific "Web shell" is one of the unique tools used by the TG-3390 group, demonstrating their sophisticated and targeted approach to cyber exploitation. In addition to ASPXTool, the TG-3390 group has also been noted for their use of the OwaAuth tool. This is another distinct piece of malware, serving as both a credential stealing tool and a Web shell. It's specifically designed to attack Microsoft Exchange servers running the Web Outlook interface. The combined use of these two tools - ASPXTool and OwaAuth - reflects the group's strategic approach to gaining and maintaining access within their targets' networks.
Description last updated: 2023-11-29T04:00:00.145Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Aspxtool Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more