WellMess
Description
(NCSC-UK) WellMess is malware written in either Golang or .NET and has been in use since at least 2018. WellMess was first reported on by JPCERT and LAC researchers in July 2018. It is named after one of the function names in the malware, ‘wellmess’. WellMess is a lightweight malware designed to execute arbitrary shell commands, upload and download files. The malware supports HTTP, TLS and DNS communications methods.
Names
Name |
---|
WellMess |
elf.wellmess |
Category
Malware
Type
- Backdoor
- Exfiltration
Information
- https://www.ncsc.gov.uk/files/Advisory-APT29-targets-COVID-19-vaccine-development.pdf
- https://blogs.jpcert.or.jp/en/2018/07/malware-wellmes-9b78.html
- https://www.lac.co.jp/lacwatch/pdf/20180614_cecreport_vol3.pdf
- https://www.botconf.eu/wp-content/uploads/2018/12/2018-Y-Ishikawa-S-Nagano-Lets-go-with-a-Go-RAT-_final.pdf
- https://us-cert.cisa.gov/ncas/analysis-reports/ar20-198b
Mitre Attack
Malpedia
Alienvault Otx
Other Information
Uuid
5619706d-69a0-45a6-9e40-f1c0e9ba2eed
Last Card Change
2022-12-30