stylecss.aspx

Malware Profile Updated 2 months ago
Stylecss.aspx is a webshell found on SharePoint servers. It is associated with China Chopper, a well-known webshell used by cybercriminals for remote control over a compromised server. It operates similarly to other known webshells such as stylecs.aspx and pay.aspx, with notable differences in how they run JScript and which URL parameters they accept. These webshells were identified in an advisory from the Canadian Centre for Cyber Security, which highlighted their threat potential and similarities.

Stylecss.aspx shares significant similarities with the pay.aspx webshell; both are part of the China Chopper suite. The primary difference is the URL parameter each uses to obtain and run JScript: pay.aspx uses 'vuiHWNVJAEF', while stylecss.aspx and its counterpart stylecs.aspx use 'e358efa489f58062f10dd7316b65649e', the MD5 hash of 't'. The National Cyber Security Centre (NCSC) advisory corroborates this, noting the same filename, stylecss.aspx, for the webshell linked to China Chopper.

Stylecss.aspx and stylecs.aspx also differ operationally. Both run JScript provided in the 'e358efa489f58062f10dd7316b65649e' parameter of the URL, but stylecss.aspx does not accept base64-encoded JScript. Instead, it expects the JScript in cleartext, provided as URL-safe text by the actor. This variation in behavior underscores the adaptability and sophistication of these tools and makes them a significant cybersecurity concern.
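A defender-side check built from the indicators in this profile, as an added example that is not part of the original profile or the advisories it cites: it scans IIS W3C logs for the listed file names and code-carrying URL parameters, and guesses heuristically whether each value is base64 or cleartext. The log layout, paths, addresses and PLACEHOLDER values are constructed assumptions.

```python
import base64
import binascii
from urllib.parse import parse_qsl

# File and parameter names come from the profile text above.
SHELL_NAMES = {"stylecss.aspx", "stylecs.aspx", "pay.aspx", "test.aspx"}
SHELL_PARAMS = {p.lower() for p in ("e358efa489f58062f10dd7316b65649e", "vuiHWNVJAEF")}

# Constructed IIS W3C log lines: paths, addresses and values are made up.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2024-01-01 10:00:01 GET /sites/hr/default.aspx - 192.0.2.10 200
2024-01-01 10:00:05 GET /constructed/stylecss.aspx e358efa489f58062f10dd7316b65649e=PLACEHOLDER%28%29 198.51.100.7 200
2024-01-01 10:00:09 GET /constructed/stylecs.aspx e358efa489f58062f10dd7316b65649e=UExBQ0VIT0xERVIoKQ%3D%3D 198.51.100.7 200
2024-01-01 10:00:12 GET /constructed/pay.aspx vuiHWNVJAEF=PLACEHOLDER%28%29 198.51.100.7 200
2024-01-01 10:00:20 GET /constructed/test.aspx - 192.0.2.44 404
"""

def encoding_of(value):
    """Guess whether a parameter value is base64 or cleartext (heuristic)."""
    try:
        # parse_qsl turns '+' into a space, so restore it before decoding.
        raw = base64.b64decode(value.replace(" ", "+"), validate=True)
    except (binascii.Error, ValueError):
        return "cleartext"
    return "base64" if raw and all(32 <= b < 127 for b in raw) else "cleartext"

def scan(log_text):
    """Return one finding per request that matches a known name or parameter."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order is set by this header
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        name = row.get("cs-uri-stem", "").lower().rsplit("/", 1)[-1]
        query = row.get("cs-uri-query", "-")
        hits = [(k, encoding_of(v)) for k, v in parse_qsl(query, keep_blank_values=True)
                if k.lower() in SHELL_PARAMS]
        if hits or name in SHELL_NAMES:
            # A code-carrying parameter is a strong signal; a bare name needs review.
            findings.append({"client": row.get("c-ip"), "file": name, "params": hits,
                             "severity": "high" if hits else "review"})
    return findings

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Name-only matches such as test.aspx or pay.aspx can be legitimate application files, which is why they are reported for review rather than as high severity.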
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
China Chopper | 1 | China Chopper is a notorious malware that has been widely used by various Advanced Persistent Threat (APT) groups, notably BRONZE UNION. This web shell was found embedded in multiple web shells on SharePoint servers, such as stylecs.aspx, test.aspx, and stylecss.aspx. It is believed to be associated
test.aspx | 1 | Test.aspx is a malicious software (malware) that was found embedded in a SharePoint server. It's part of a group of webshells, including stylecs.aspx and stylecss.aspx, all of which appear to be related to the China Chopper webshell. This malware can infiltrate your system through suspicious downloa
stylecs.aspx | 1 | Stylecs.aspx is a type of malware, specifically a webshell, that was found on a SharePoint server. It's associated with the China Chopper code, a known hacking tool used by cybercriminals, and it forms part of a series of related webshells including stylecss.aspx and test.aspx. These webshells were
pay.aspx | 1 | Pay.aspx is a harmful malware that is part of the China Chopper webshell, specifically designed to exploit and damage computer systems. It infiltrates systems via suspicious downloads, emails, or websites, often without the user's knowledge. Once it has gained access, it can steal personal informati
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
China
Webshell
SharePoint
Source Document References
Information about the stylecss.aspx Malware was read from the documents corpus below.
Source | Created At | Title
MITRE | a year ago | Emissary Panda Attacks Middle East Government SharePoint Servers