Malware

ShortLeash

According to STRIKE, ShortLeash is a custom backdoor used to create an ORB network. It generates unique, self-signed TLS certificates with spoofed metadata for each node. Analysis of these certificates revealed over 1000 active nodes globally, and the victimology supports attribution to China-Nexus APTs.


Family metadata imported from Malpedia (Fraunhofer FKIE).