WellMess (e0e79fab-0f1d-4fc2-b424-208cb019a9cd)
Cross-platform malware written in Golang, compatible with Linux and Windows. Although there are some minor differences, both variants have the same functionality. The malware communicates with a CnC server using HTTP requests and performs functions based on the received commands. Results of command execution are sent back as RSA-encrypted data in HTTP POST requests. Main functionalities are: (1) execute arbitrary shell commands, (2) upload/download files. The PE variant additionally executes PowerShell scripts. A .Net version was also observed in the wild.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| WellMess (e0e79fab-0f1d-4fc2-b424-208cb019a9cd) | Backdoor | WellMess (d84ebd91-58f6-459f-96a1-d028a1719914) | Malpedia | 1 |