HOMETHREATSSharPyShell
APT / THREAT GROUP

SharPyShell

3
aliases
Last seen:Mar 17, 2026

Intelligence Profile

SharPyShell is a tiny and obfuscated ASP.NET webshell that executes commands received by an encrypted channel compiling them in memory at runtime.

SharPyShell supports only C# web applications that runs on .NET Framework >= 2.0

VB is not supported atm.

Threat Analysis

SharPyShell is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

External References

Quick Facts

TypeAPT / Threat Group
Aliases3

Also Known As

ASPSHELLwin.sharpyshellSharPyShell

External Intelligence

Malpedia: win.sharpyshell

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
SharPyShell — APT / Threat Group | Threat Intelligence | CTIWATCH.COM