js.nanhaishu

NanHaiShu

Actor(s): Leviathan


NanHaiShu is a remote access tool and JScript backdoor used by Leviathan. NanHaiShu has been used to target government and private-sector organizations that have relations to the South China Sea dispute.

References
2019 | MITRE | MITRE ATT&CK
Tool description: NanHaiShu
https://attack.mitre.org/software/S0228/ (accessed 2019-12-20)
Tags: NanHaiShu

2017-10-16 | Proofpoint | Axel F, Pierre T
Leviathan: Espionage actor spearphishes maritime and defense targets
https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets (accessed 2019-12-20)
Tags: NanHaiShu, SeDll, APT40

2016-08-05 | F-Secure | F-Secure Labs
NANHAISHU: RATing the South China Sea
https://www.f-secure.com/documents/996508/1030745/nanhaishu_whitepaper.pdf (accessed 2020-01-13)
Tags: NanHaiShu

2015-06-24 | Spiceworks | Chris Miller
Stealthy Cyberespionage Campaign Attacks With Social Engineering
https://community.spiceworks.com/topic/1028936-stealthy-cyberespionage-campaign-attacks-with-social-engineering (accessed 2019-12-10)
Tags: NanHaiShu

There is no Yara-Signature yet.