APT / THREAT GROUP
CHINACHOPPER
2 aliases
Last seen: Mar 17, 2026
Intelligence Profile
A simple code injection webshell that executes Microsoft .NET code within HTTP POST commands. This allows the shell to upload and download files, execute applications with web server account permissions, list directory contents, access Active Directory, access databases, and perform any other action allowed by the .NET runtime.
Threat Analysis
CHINACHOPPER is a threat actor of known sophistication and undetermined national origin, engaged in cyber operations; its primary motivation and activity patterns are unknown.
External References
Quick Facts
Type: APT / Threat Group
Aliases: 2
Also Known As
win.chinachopper
CHINACHOPPER
External Intelligence
Malpedia: win.chinachopper
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.