Remote Access Trojan
WellMail
First seen: 2020 • Status: inactive
WellMail is a Linux backdoor that APT29, the group attributed to Russia's SVR, deployed alongside WellMess in its 2020 campaign against organisations working on COVID-19 vaccine research, as documented in the NCSC advisory of July 2020.
Overview
WellMail is a lightweight, Go-compiled ELF implant used together with WellMess for targeted espionage. It receives commands or scripts from a hard-coded command-and-control (C2) server, runs them through the system shell, and returns the output. The C2 channel is TLS with a hard-coded client certificate, so the implant authenticates itself to the server rather than the other way round; that embedded certificate and key are the most distinctive thing about the binary.
Also Known As
Well Mail
How It Spreads
- Deployed post-compromise: WellMail does not spread on its own and is dropped by the operator after initial access to the network has already been obtained.
- Observed only in APT29 operations, typically on hosts where WellMess was also present.
What It Does
- Executes operator-supplied commands and scripts through the system shell
- Transfers files to and from the host
- Collects data from the local file system
- Sends results and collected data back over the TLS C2 channel
Target Platforms
Linux (Go-compiled ELF binaries)
Detection Tips
- Where WellMess is found, hunt the same hosts and network segments for WellMail; the two were deployed together.
- Look for outbound TLS sessions in which the client presents a certificate: the hard-coded client certificate is how WellMail authenticates to its C2, and it is unusual for ordinary Linux workstations and servers.
- Check for Go-built ELF binaries that embed PEM certificate and private-key material; legitimate services load these from disk rather than carrying them inside the executable.
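The third tip can be turned into a file-system triage pass. The script below is an added example written for this page, not code from the NCSC advisory or from any vendor: it walks a directory, keeps only ELF files, and scores each on whether it carries Go toolchain strings and embeds PEM certificate and private-key blocks, the hard-coded client-certificate trait described above. The sample files, their names and the PEM bodies are constructed for the demonstration and contain no real key material or WellMail indicators; a Go binary alone scores low because Go tooling is common on Linux hosts.

```python
"""Triage heuristic for WellMail-style Linux backdoors: a Go-built ELF that
carries a hard-coded TLS client certificate and private key."""
import os
import re
import stat
import tempfile
from dataclasses import dataclass
from typing import List, Optional, Tuple

ELF_MAGIC = b"\x7fELF"

# Byte strings left behind by the Go toolchain: the build-ID note section
# name (survives stripping) and a runtime symbol (present unless stripped).
GO_MARKERS = (b".note.go.buildid", b"Go build ID:", b"runtime.main")

# PEM blocks embedded in the binary. A private key next to a certificate in
# an ELF means the program authenticates itself to something, which is the
# WellMail mutual-TLS trait; legitimate daemons load these from disk.
PEM_CERT = re.compile(rb"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)
PEM_KEY = re.compile(
    rb"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----.*?-----END (?:RSA |EC )?PRIVATE KEY-----", re.S
)


@dataclass
class Finding:
    path: str
    is_go: bool
    cert_count: int
    key_count: int

    @property
    def score(self) -> int:
        # Go ELF alone is common (container tooling, kubectl, ...); the
        # embedded private key is what makes the file worth pulling.
        return (1 if self.is_go else 0) + min(self.cert_count, 1) + 2 * min(self.key_count, 1)

    @property
    def suspicious(self) -> bool:
        return self.score >= 3


def assess_file(path: str, max_bytes: int = 64 * 1024 * 1024) -> Optional[Finding]:
    """Return a Finding for a regular ELF file, None for anything else."""
    try:
        st = os.stat(path)
        if not stat.S_ISREG(st.st_mode) or st.st_size > max_bytes:
            return None
        with open(path, "rb") as fh:
            data = fh.read()
    except OSError:
        return None
    if not data.startswith(ELF_MAGIC):
        return None
    return Finding(
        path=path,
        is_go=any(marker in data for marker in GO_MARKERS),
        cert_count=len(PEM_CERT.findall(data)),
        key_count=len(PEM_KEY.findall(data)),
    )


def scan_tree(root: str) -> List[Finding]:
    """Assess every regular file under root; highest score first."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            finding = assess_file(os.path.join(dirpath, name))
            if finding is not None:
                findings.append(finding)
    return sorted(findings, key=lambda f: (-f.score, f.path))


def _fake_pem(kind: str) -> bytes:
    # Constructed placeholder body; not a real certificate or key.
    body = b"\n".join(b"MIIBogIBAAJBAKc" + bytes([65 + i]) * 40 for i in range(3))
    return b"-----BEGIN %s-----\n%s\n-----END %s-----\n" % (kind.encode(), body, kind.encode())


def build_demo_tree(root: str) -> None:
    """Write constructed sample files (not real malware) under root."""
    elf = ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9  # truncated ELF64 header stub
    go = b"\x00.note.go.buildid\x00Go build ID: \"abc\"\x00runtime.main\x00"
    samples = {
        "bin/svc-mail": elf + go + _fake_pem("CERTIFICATE") + _fake_pem("RSA PRIVATE KEY"),
        "bin/gotool": elf + go + b"\x00net/http\x00",   # ordinary Go binary, no PEM
        "bin/cutil": elf + b"\x00GCC: (GNU) 12\x00",    # C program, no PEM
        "etc/ca.pem": _fake_pem("CERTIFICATE"),          # PEM on disk, not an ELF
    }
    for rel, content in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(content)


def demo() -> List[Tuple[str, int, bool]]:
    """Scan the constructed tree and return (relative path, score, suspicious)."""
    with tempfile.TemporaryDirectory() as root:
        build_demo_tree(root)
        return [(os.path.relpath(f.path, root), f.score, f.suspicious) for f in scan_tree(root)]


if __name__ == "__main__":
    for rel, score, suspicious in demo():
        print(f"{'SUSPECT' if suspicious else 'ok     '} score={score} {rel}")
```

Point `scan_tree` at `/usr/local/bin`, `/opt`, `/tmp` and user home directories on a host that had WellMess; anything that scores 3 or more should be hashed and pulled for analysis, and its outbound TLS destinations checked against the other tips above.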
MITRE ATT&CK Techniques
T1059 (Command and Scripting Interpreter), T1105 (Ingress Tool Transfer), T1005 (Data from Local System), T1041 (Exfiltration Over C2 Channel)
If You're Infected
1. Treat the host as part of an APT29 intrusion, not an isolated infection: preserve the binary, its C2 configuration and network logs before touching anything.
2. Remove the WellMail components, and check the same host and its neighbours for WellMess, which was deployed alongside it.
3. Conduct a full assessment of the environment, including how initial access was obtained and which credentials the operator may have used since.