China Chopper is a web shell approximately 4 kilobytes in size, first discovered in 2012. It is commonly used by malicious Chinese actors, including advanced persistent threat (APT) groups, to remotely control web servers. The web shell has two parts: the client interface (an executable file) and the receiver host file on the compromised web server.
China Chopper has many commands and control features, such as a password brute-force attack option, code obfuscation, file and database management and a graphical user interface.[1][2][3][4] It was originally distributed from the website www.maicaidao.com, which is now down. FireEye revealed that the client of this web shell is programmed in Microsoft Visual C++ 6.0.
China Chopper was used in attacks against eight Australian web hosting providers which were compromised due to their use of an unsupported operating system (Windows Server 2008). Hackers connected the web servers to a Monero mining pool, by which they mined about 3868 AUD worth of Monero.[5]
In 2021, a version of the web shell programmed in JScript was used by the advanced persistent threat group Hafnium to exploit four zero-day vulnerabilities in Microsoft Exchange Server, in the 2021 Microsoft Exchange Server data breach. This web shell was dropped when one of these vulnerabilities was exploited, allowing attackers to upload a program which ran with administrator privileges.[6] With only the address of the .aspx file containing the script, an HTTP POST request could be made to the script with just a command in the request. The script would execute the command immediately using the JScript 'eval' function, allowing attackers to run arbitrary code on the server.[7]
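A defender-side check for the pattern described above, as an added example that is not taken from the cited sources: it scans a web root for server-side pages that pass request data to eval, either directly or through a variable. The extension list, function names and sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumption: extensions treated as server-side pages under the web root.
SCRIPT_EXTS = {".aspx", ".ashx", ".asmx"}
# A variable assigned from the Request object anywhere in the file (flow-insensitive).
TAINT_ASSIGN = re.compile(r"\b(\w+)\s*=\s*Request\b", re.I)
# eval( followed by an identifier; string literals such as Eval("Name") do not match.
EVAL_CALL = re.compile(r"\beval\s*\(\s*([A-Za-z_]\w*)", re.I)

def decode(data: bytes) -> str:
    """Decode page bytes, handling UTF-16 files that carry a byte-order mark."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("utf-8", errors="replace")

def find_request_eval(text: str) -> list[int]:
    """Return 1-based line numbers where eval() receives request-derived data."""
    tainted = {"request"} | {m.group(1).lower() for m in TAINT_ASSIGN.finditer(text)}
    return [no for no, line in enumerate(text.splitlines(), 1)
            if any(m.group(1).lower() in tainted for m in EVAL_CALL.finditer(line))]

def scan_webroot(root: Path) -> dict[str, list[int]]:
    """Map each flagged page (path relative to root) to its flagged line numbers."""
    findings = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in SCRIPT_EXTS:
            hits = find_request_eval(decode(path.read_bytes()))
            if hits:
                findings[path.relative_to(root).as_posix()] = hits
    return findings

def demo() -> dict[str, list[int]]:
    """Scan a throwaway web root built from constructed sample files."""
    samples = {  # constructed fragments, not captured malware
        "default.aspx": '<asp:Label Text=\'<%# Eval("Name") %>\' runat="server" />\n'.encode(),
        "static/err.aspx": '<%\nvar c = Request.Form["k"];\neval(c);\n%>\n'.encode(),
        "uploads/a.aspx": '<% eval(Request.Item["k"]); %>\n'.encode("utf-16"),
        "notes.txt": b'eval(Request.Item["k"])\n',  # wrong extension: skipped
    }
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, data in samples.items():
            (root / name).parent.mkdir(parents=True, exist_ok=True)
            (root / name).write_bytes(data)
        return scan_webroot(root)

if __name__ == "__main__":
    print(demo())
```

The data-binding `Eval("Name")` call in the benign page is not flagged because its argument is a string literal rather than request-derived data.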
[1] "China Chopper". NJCCIC. Archived from the original on 13 January 2019. Retrieved 22 December 2018.
[2] "What is the China Chopper Webshell, and how to find it on a compromised system?". 28 March 2018. Archived from the original on 13 January 2019. Retrieved 22 December 2018.
[3] "Breaking Down the China Chopper Web Shell - Part I". Mandiant. Archived from the original on 13 January 2019. Retrieved 2022-01-03.
[4] "Breaking Down the China Chopper Web Shell - Part II". Mandiant. Archived from the original on 7 January 2019. Retrieved 2022-01-03.
[5] Stilgherrian. "Australian web hosts hit with a Manic Menagerie of malware". ZDNet. Archived from the original on 2019-01-31. Retrieved 2019-03-17.
[6] "ProxyLogon". ProxyLogon (in Chinese (Taiwan)). Retrieved 2021-03-16.
[7] "Exchange Cyberattacks Escalate as Microsoft Rolls One-Click Fix". threatpost.com. 16 March 2021. Retrieved 2021-03-16.