Remote Access Trojan

WellMess

First seen: 2018 • Status: inactive

WellMess was a spy tool used by Russian hackers to steal vaccine research during the pandemic.

Overview

WellMess is a cross-platform RAT attributed to APT29 (Cozy Bear). It was used in attacks against COVID-19 vaccine research organizations.

Also Known As

Well Mess

How It Spreads

  • Targeted exploitation
  • Custom malware delivery
  • Citrix vulnerability exploitation

What It Does

  • Remote access
  • Command execution
  • Data exfiltration
  • Cross-platform operation

Target Platforms

Windows, Linux

Detection Tips

  • Monitor for known WellMess indicators of compromise
  • Look for unrecognised Go-compiled binaries on hosts
  • Assess exposure if your organisation performs vaccine research
  • Review Citrix systems for signs of exploitation

MITRE ATT&CK Techniques

T1059 (Command and Scripting Interpreter), T1005 (Data from Local System), T1041 (Exfiltration Over C2 Channel), T1190 (Exploit Public-Facing Application)

If You're Infected

  1. Engage national cyber security agency
  2. Conduct APT investigation
  3. Rebuild compromised systems
  4. Patch Citrix vulnerabilities

Related Malware

Wellmail, Sunburst, CobaltStrike