The China Chopper webshell is a lightweight, one-line script that has been observed being dropped in these attacks through the PowerShell Set-OabVirtualDirectory cmdlet. Palo Alto Networks provides an overview of the one-liner script, which has been observed in attacks since at least 2013. We also analyze incidental artifacts, such as metadata, created by the attacks themselves, which allow us to collect information and better understand the nature and methodology of the attackers. For more information, please refer to our Threat Assessment: Active Exploitation of Four Zero-Day Vulnerabilities in Microsoft Exchange.
Source: https://unit42.paloaltonetworks.com/china-chopper-webshell/