Botconf 2018 has ended
Back To Schedule
Friday, December 7 • 11:50 - 12:20
Let’s Go with a Go RAT!

Log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
The Go language (GoLang) is an open source programming language developed by Google Inc. in 2009, and it can be run on various platforms such as Linux, Mac, Windows, Android.
Speaking of malware using Golang, Mirai is one of the famous one (they use it for the C2 program), but malware such as Encriyoko, Lady, GoARM.Bot, Go Athena RAT and others are also confirmed.
However, we can't say that Golang malware is commonly used as development basis for malware coding when looking at the ratio of popular malware.

In this presentation, we would like to introduce the analysis result of a new malware, we called it as "WellMess" that was coded on Golang on multiple platform operating systems. This malware was used by several incident cases that we confirmed from January 2018, we recognize it as a new malware according to our team's analysis and the traffic generated on its communication to the C2 servers.
Additionally, we will perform reverse engineering explanation of the WellMess malware and perform demonstration on its botnet operation.


Yoshihiro ISHIKAWA

Cyber Threat Analyst, LAC
Yoshihiro Ishikawa is a member of the Cyber Emergency Center of LAC, he has been engaged in malware analysis and cyber threat intelligence. Especially involved in analyzing incidents of Advanced Persistant Thread (APT) attacks. He presented at APCERT, HITCON. He is also currently... Read More →

Shinichi NAGANO

LAC Co.,Ltd.
Shinichi Nagano is a member of the Cyber Emergency Center with the background as Network Forensic Analyst and he now becomes one of malware analysis team of LAC, along with the Malware Analyst he analyzed various of malware and network log threat specially incidents.