pay.aspx

Malware Profile Updated 2 months ago
Pay.aspx is a malicious file that is part of the China Chopper webshell family, designed to exploit and damage computer systems. It infiltrates systems via suspicious downloads, emails, or websites, often without the user's knowledge. Once it has gained access, it can steal personal information, disrupt operations, or even hold data hostage for ransom.

The pay.aspx file operates similarly to the stylecss.aspx webshell; the primary distinction is the URL parameter 'vuiHWNVJAEF', which pay.aspx uses to obtain and execute JScript. A recent advisory from the Canadian Centre for Cyber Security discussed the similarities and differences between the stylecss.aspx and pay.aspx webshells. The comparison showed that while both are part of the same family of malware, they use different methods to achieve their malicious objectives. The major difference lies in the specific URL parameter each webshell uses, with pay.aspx employing the unique 'vuiHWNVJAEF' parameter to run its scripts.

The alert issued by the Canadian Centre for Cyber Security also included the SHA256 hashes of the files associated with this campaign. The hash for the pay.aspx file was identified as 05108ac3c3d708977f2d679bfa6d2eaf63b371e66428018a68efce4b6a45b4b4. This hash is a precise digital fingerprint of the file, enabling cybersecurity professionals to identify and track the spread of this particular strain of malware.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
ID: stylecss.aspx
Votes: 1
Profile Description: Stylecss.aspx is a form of malware, specifically a webshell, found on SharePoint servers. It's associated with the China Chopper code, a well-known webshell used by cybercriminals for remote control over a compromised server. The stylecss.aspx webshell operates similarly to other known webshells suc
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
China
Webshell
Associated Malware
ID: China Chopper
Type: Unspecified
Votes: 1
Profile Description: China Chopper is a notorious malware that has been widely used by various Advanced Persistent Threat (APT) groups, notably BRONZE UNION. This web shell was found embedded in multiple web shells on SharePoint servers, such as stylecs.aspx, test.aspx, and stylecss.aspx. It is believed to be associated
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the pay.aspx malware was read from the documents corpus below.
Source: MITRE
Created At: a year ago
Title: Emissary Panda Attacks Middle East Government SharePoint Servers