From f5ff479a13f249bc16a9d6f40b9fb9ba959f1a68 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Thu, 4 Aug 2016 15:43:16 +0200 Subject: [PATCH] NANHAISHU added --- elements/threat-actor-tools.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/elements/threat-actor-tools.json b/elements/threat-actor-tools.json index ad6f88c..4c260ba 100644 --- a/elements/threat-actor-tools.json +++ b/elements/threat-actor-tools.json @@ -491,6 +491,11 @@ "value": "Prikormka", "description": "Operation Groundbait based on our research into the Prikormka malware family. This includes detailed technical analysis of the Prikormka malware family and its spreading mechanisms, and a description of the most noteworthy attack campaigns.", "refs": ["http://www.welivesecurity.com/wp-content/uploads/2016/05/Operation-Groundbait.pdf"] + }, + { + "value": "NanHaiShu", + "description": "This whitepaper details a malicious program we identify as NanHaiShu. Based on our analysis, the threat actor behind this malware targets government and private-sector organizations.", + "refs": ["https://www.f-secure.com/documents/996508/1030745/nanhaishu_whitepaper.pdf"] } ],