SYMBOLCOMMON_NAMEaka. SYNONYMS
js.nanhaishu (Back to overview)

NanHaiShu

Actor(s): Leviathan


NanHaiShu is a remote access tool and JScript backdoor used by Leviathan. NanHaiShu has been used to target government and private-sector organizations that have relations to the South China Sea dispute.

References
2019-01-01MITREMITRE ATT&CK
Tool description: NanHaiShu
NanHaiShu
2017-10-16ProofpointAxel F, Pierre T
Leviathan: Espionage actor spearphishes maritime and defense targets
NanHaiShu SeDll APT40
2016-08-05F-SecureF-Secure Labs
NANHAISHU: RATing the South China Sea
NanHaiShu
2015-06-24SpiceworksChris Miller
Stealthy Cyberespionage Campaign Attacks With Social Engineering
NanHaiShu

There is no Yara-Signature yet.