WellMail

MITRE
Malware Type: Other
First seen: Unknown
Last seen: Unknown
Details:

[WellMail](https://attack.mitre.org/software/S0515) is a lightweight malware written in Golang used by [APT29](https://attack.mitre.org/groups/G0016), similar in design and structure to [WellMess](https://attack.mitre.org/software/S0514). (Citation: CISA WellMail July 2020) (Citation: NCSC APT29 July 2020)

Associated Techniques (9)

| ID | ATT&CK | Tactics |
| --- | --- | --- |
| T1005 | Data from Local System | - |
| T1016 | System Network Configuration Discovery | - |
| T1033 | System Owner/User Discovery | - |
| T1095 | Non-Application Layer Protocol | - |
| T1105 | Ingress Tool Transfer | - |
| T1140 | Deobfuscate/Decode Files or Information | - |
| T1560 | Archive Collected Data | - |
| T1571 | Non-Standard Port | - |
| T1573.002 | Asymmetric Cryptography | - |

Used by Actors (1)
Metadata
ID: 426
Created: 13/01/2026 17:48
Updated: 08/03/2026 16:00