Lyceum Golang HTTP Backdoor

This Golang written malware is used as backdoor using the http protocol by a state sponsored threat actor (TA). This backdoor is running in a loop of three stages:

• Check the connectivity
• Registration of the victim
• Retrieval and execution of commands This TA is using also variants .NET backdoors utilizing HTTP and DNS.

Family metadata imported from Malpedia (Fraunhofer FKIE).