In recent months, I have taken a keen interest in malware written in the Go programming language. Go, sometimes referred to as GoLang, was created by Google in 2009 and has gained additional popularity within the malware development community in recent years. While there have been an increased number of blogs in recent years discussing Go malware families, I wanted to know if this programming language was indeed on the rise when it pertained to malware. Additionally, I was curious what malware families would be most prevalent, as there is a notion among many that Go is primarily used by penetration testers and red teamers. With that in mind, I set out to collect as much malware written in Go as possible, and cluster it by malware family. The blog discusses my methodology of data collection and my results.

In total, roughly 10,700 unique malware samples written in Go were obtained. Based on the samples’ first seen timestamps, we can conclude that Go-compiled malware has been steadily on the rise for a number of months. Additionally, 92% of the samples identified were compiled for the Windows operating system, indicating that this is the most heavily targeted system by Go malware developers. Of the samples, 75% were able to have their malware family identified. The most prominent malware families included Veil, GoBot2, and HERCULES. Additionally, the most prevalent malware groupings included Pentesting, Remote Access Trojans (RATs), and Backdoors. For a point of clarification, the distinction made between RATs and Backdoors pertains to the malware family’s feature sets.