ShortLeash (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

elf.shortleash (Back to overview)

ShortLeash

According to STRIKE, ShortLeash is a custom backdoor used to create an ORB network. It generates unique, self-signed TLS certificates with spoofed metadata for each node. Analysis of these certificates revealed over 1000 active nodes globally and victimology supports attribution to China-Nexus APTs.

References

2025-06-16 ⋅ SecurityScorecard ⋅ STRIKE Team
Checking all the Boxes: LapDogs, The New ORB in Town
ShortLeash ShortLeash

2025-03-20 ⋅ Cisco Talos ⋅ Asheer Malhotra, Brandon White, Jungsoo An, Vitor Ventura
UAT-5918 targets critical infrastructure entities in Taiwan
ShortLeash LaZagne JuicyPotato Meterpreter MimiKatz ShortLeash UAT-5918

There is no Yara-Signature yet.

ShortLeash Propose Change

References

ShortLeash