NanHaiShu

Description

(F-Secure) Once installed on a machine in the target network, NanHaiShu sends information from the infected machine to a remote command and control (C&C) server.

Names

Name
NanHaiShu

Category

Malware

Type

• Reconnaissance
• Backdoor

Information

• https://www.f-secure.com/documents/996508/1030745/nanhaishu_whitepaper.pdf
• https://community.spiceworks.com/topic/1028936-stealthy-cyberespionage-campaign-attacks-with-social-engineering
• https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets

Mitre Attack

• https://attack.mitre.org/software/S0228/

Malpedia

• https://malpedia.caad.fkie.fraunhofer.de/details/js.nanhaishu

Alienvault Otx

• https://otx.alienvault.com/browse/pulses?q=tag:NanHaiShu

Other Information

Uuid

3e475211-36fc-4c58-801c-fa3ce5da0879

Last Card Change

2020-05-13