This Golang written malware is used as backdoor using the http protocol by a state sponsored threat actor (TA). This backdoor is running in a loop of three stages:
- Check the connectivity
- Registration of the victim
- Retrieval and execution of commands
This TA is using also variants .NET backdoors utilizing HTTP and DNS.
State-sponsored Attack Groups Capitalise on Russia-Ukraine War for Cyber Espionage
Loki RAT El Machete APT Backdoor Dropper Lyceum .NET DNS Backdoor Lyceum .NET TCP Backdoor Lyceum Golang HTTP Backdoor
There is no Yara-Signature yet.