SYMBOLCOMMON_NAMEaka. SYNONYMS
win.blueshell (Back to overview)

BlueShell

According to AhnLab, BlueShell is a backdoor malware developed in Go language, published on Github, and it supports Windows, Linux, and Mac operating systems. Currently, the original Github repository is presumed to have been deleted, but the BlueShell source code can still be obtained from other repositories. It features an explanatory ReadMe file in Chinese, indicating the possibility that the creator is a Chinese user.

References
2023-09-11AhnLabSanseo
BlueShell Used in APT Attacks Against Korean and Thai Targets
BlueShell Sliver Dalbit
2023-09-05AhnLabSanseo
BlueShell malware used in APT attacks targeting Korea and Thailand
BlueShell SparkRAT
2023-02-13AhnLabkingkimgim
Dalbit (m00nlight): Chinese Hacker Group’s APT Attack Campaign
Godzilla Webshell ASPXSpy BlueShell CHINACHOPPER Cobalt Strike Ladon MimiKatz Dalbit

There is no Yara-Signature yet.