From bba9de6d0c7ccabd0deb6c8b71b312e59de7c988 Mon Sep 17 00:00:00 2001 From: CERT Orange CyberDefense <5493049+cert-orangecyberdefense@users.noreply.github.com> Date: Tue, 18 Feb 2025 14:25:33 +0100 Subject: [PATCH] Create readme Green Nailao investigation, IOCs and Yara --- green_nailao/readme | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 green_nailao/readme diff --git a/green_nailao/readme b/green_nailao/readme new file mode 100644 index 0000000..cc1512d --- /dev/null +++ b/green_nailao/readme @@ -0,0 +1,6 @@ +Green Nailao is a malicious campaign that has been targeting at least between June and October 2024 European organizations, in particular in the healthcare sector. +Tracked as Green Nailao (“Nailao” meaning “cheese” in Chinese – a topic our World Watch team holds in high regard), this campaign involves the ShadowPad malware as well as a previously undocumented ransomware payload dubbed NailaoLocker. +Orange Cyberdefense does not associate this campaign with a known threat group. Nevertheless, we assess with medium confidence that the threat actors do align with typical Chinese intrusion sets. + +Full research article: +https://www.orangecyberdefense.com/global/blog/cert-news/meet-nailaolocker-a-ransomware-distributed-in-europe-by-shadowpad-and-plugx-backdoors#c137080
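Review bot: the subject line promises "IOCs and Yara", but the only file this hunk adds (green_nailao/readme, lines 1-6) is a three-sentence campaign summary and a link to the blog post; either include the indicator list and the Yara rule in this change or trim the subject to "Create readme for Green Nailao investigation" so the history does not claim content the commit does not carry. A file named `readme` with no extension is also not rendered as Markdown on the directory page; `README.md` would be. Finally, the first added line reads awkwardly ("targeting at least between June and October 2024 European organizations"); suggest "targeting European organizations, in particular in the healthcare sector, at least between June and October 2024".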