NanHaiShu (0e28dfc9-8948-4c08-b7d8-9e80e19cc464)
NanHaiShu is a remote access tool and JScript backdoor used by Leviathan. NanHaiShu has been used to target government and private-sector organizations that have relations to the South China Sea dispute. [Proofpoint Leviathan Oct 2017] [fsecure NanHaiShu July 2016]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Leviathan (eadd78e3-3b5d-430a-b994-4360b172c871) | Tidal Groups | NanHaiShu (0e28dfc9-8948-4c08-b7d8-9e80e19cc464) | Tidal Software | 1 |