S0228 NanHaiShu (Windows)

Platforms: 1
ATT&CK: 14.1
References: 3

Description

[NanHaiShu](https://attack.mitre.org/software/S0228) is a remote access tool and JScript backdoor used by [Leviathan](https://attack.mitre.org/groups/G0065). [NanHaiShu](https://attack.mitre.org/software/S0228) has been used to target government and private-sector organizations that have relations to the South China Sea dispute. (Citation: Proofpoint Leviathan Oct 2017) (Citation: fsecure NanHaiShu July 2016)

Platforms · 1

Windows

Attributed to · 1

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| Group | Leviathan g0065 | 100% | live |

References

  1. https://attack.mitre.org/software/S0228
  2. https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets
  3. https://www.f-secure.com/documents/996508/1030745/nanhaishu_whitepaper.pdf

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. NavRAT (Software)
  2. SHIPSHAPE (Software)
  3. Leviathan (Group)
  4. Orz (Software)
  5. ZxShell (Software)
  6. China Chopper (Software)

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.