SharPyShell (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

SharPyShell

aka: ASPSHELL

Actor(s): APT41

SharPyShell is a tiny and obfuscated ASP.NET webshell that executes commands received by an encrypted channel compiling them in memory at runtime.

SharPyShell supports only C# web applications that runs on .NET Framework >= 2.0
VB is not supported atm.

2025-07-19 ⋅ Eye Security ⋅ Eye Security
SharePoint 0-day uncovered (CVE-2025-53770)
SharPyShell

2020-09-18 ⋅ Trend Micro ⋅ Trend Micro
U.S. Justice Department Charges APT41 Hackers over Global Cyberattacks
Cobalt Strike ColdLock SharPyShell

2019-03-12 ⋅ antonioCoco
SharPyShell
SharPyShell

There is no Yara-Signature yet.