China Chopper (723c5ab7-23ca-46f2-83bb-f1d1e550122c)

China Chopper is a Web Shell hosted on Web servers to provide access back into an enterprise network that does not rely on an infected system calling back to a remote command and control server.^{[Lee 2013]} It has been used by several threat groups.^{[Dell TG-3390]}^{[FireEye Periscope March 2018]}^{[CISA AA21-200A APT40 July 2021]}^{[Rapid7 HAFNIUM Mar 2021]}

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Threat Group-3390 (79be2f31-5626-425e-844c-fd9c99e38fe5)	Tidal Groups	China Chopper (723c5ab7-23ca-46f2-83bb-f1d1e550122c)	Tidal Software	1
APT41 (502223ee-8947-42f8-a532-a3b3da12b7d9)	Tidal Groups	China Chopper (723c5ab7-23ca-46f2-83bb-f1d1e550122c)	Tidal Software	1
China Chopper (723c5ab7-23ca-46f2-83bb-f1d1e550122c)	Tidal Software	ToddyCat (0f41da7d-1e47-58fe-ba6e-ee658a985e1b)	Tidal Groups	1
China Chopper (723c5ab7-23ca-46f2-83bb-f1d1e550122c)	Tidal Software	Leviathan (eadd78e3-3b5d-430a-b994-4360b172c871)	Tidal Groups	1
China Chopper (723c5ab7-23ca-46f2-83bb-f1d1e550122c)	Tidal Software	Flax Typhoon (b39d8eae-12e3-4903-a387-4c31d16a73b2)	Tidal Groups	1
China Chopper (723c5ab7-23ca-46f2-83bb-f1d1e550122c)	Tidal Software	BackdoorDiplomacy (e5b0da2b-12bc-4113-9459-9c51329c9ae0)	Tidal Groups	1
Fox Kitten (7094468a-2310-48b5-ad24-e669152bd66d)	Tidal Groups	China Chopper (723c5ab7-23ca-46f2-83bb-f1d1e550122c)	Tidal Software	1
HAFNIUM (1bcc9382-ccfe-4b04-91f3-ef1250df5e5b)	Tidal Groups	China Chopper (723c5ab7-23ca-46f2-83bb-f1d1e550122c)	Tidal Software	1
GALLIUM (15ff1ce0-44f0-4f1d-a4ef-83444570e572)	Tidal Groups	China Chopper (723c5ab7-23ca-46f2-83bb-f1d1e550122c)	Tidal Software	1