From 9cadabba7a67968bee7eb0ff322c5fe9d6d09963 Mon Sep 17 00:00:00 2001
From: Thomas Dupuy
Date: Tue, 11 Aug 2020 12:37:28 -0400
Subject: [PATCH] Add WellMess and WellMail
---
 clusters/tool.json | 35 ++++++++++++++++++++++++++++++++++-
 1 file changed, 34 insertions(+), 1 deletion(-)
diff --git a/clusters/tool.json b/clusters/tool.json
index fe882b2..13a5e0c 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -8093,7 +8093,40 @@
 "related": [],
 "uuid": "e83d1296-027a-4f30-98e0-19622967d5c4",
 "value": "CrackMapExec"
+ },
+ {
+ "description": "Wellmess is a Remote Access Trojan written in Golang and also have a .NET version",
+ "meta": {
+ "refs": [
+ "https://www.lac.co.jp/lacwatch/pdf/20180614_cecreport_vol3.pdf",
+ "https://blogs.jpcert.or.jp/en/2018/07/malware-wellmes-9b78.html",
+ "https://www.botconf.eu/wp-content/uploads/2018/12/2018-Y-Ishikawa-S-Nagano-Lets-go-with-a-Go-RAT-_final.pdf",
+ "https://www.ncsc.gov.uk/files/Advisory-APT29-targets-COVID-19-vaccine-development.pdf"
+ ],
+ "synonyms": [],
+ "type": [
+ "RAT"
+ ]
+ },
+ "related": [],
+ "uuid": "4fe80228-1142-4e70-9df8-c8f1f3356cfb",
+ "value": "WellMess"
+ },
+ {
+ "description": "WellMail is a lightweight tool designed to run commands or scripts with the results being sent to a hardcoded Command and Control (C2) server.",
+ "meta": {
+ "refs": [
+ "https://www.ncsc.gov.uk/files/Advisory-APT29-targets-COVID-19-vaccine-development.pdf"
+ ],
+ "synonyms": [],
+ "type": [
+ "RAT"
+ ]
+ },
+ "related": [],
+ "uuid": "59266c02-e3c8-47a6-b00c-bbb50c8975e9",
+ "value": "WellMail"
 }
 ],
- "version": 136
+ "version": 137
 }
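Review bot: Both new objects ship with `"related": []`, so WellMess and WellMail are linked neither to each other nor to any actor cluster, although the NCSC APT29 advisory is their shared reference (and the only one for WellMail). Adding a `related` entry on each that points at the other's `uuid`, and at the APT29 threat-actor cluster if this repository has one (`<APT29_CLUSTER_UUID>`, not visible in this patch), would let analysts pivot between them. The WellMess description spells the name `Wellmess` and reads "also have", which does not match the `value` field; `"description": "WellMess is a Remote Access Trojan written in Golang; a .NET version also exists"` would be consistent. WellMail is typed `RAT` while its description only covers running commands or scripts and returning results to a hardcoded C2, so confirm that type is intended rather than carried over from the WellMess entry.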