APT / THREAT GROUP
BlueShell
2
aliases
Last seen:Mar 17, 2026
Intelligence Profile
According to AhnLab, BlueShell is a backdoor malware developed in Go language, published on Github, and it supports Windows, Linux, and Mac operating systems. Currently, the original Github repository is presumed to have been deleted, but the BlueShell source code can still be obtained from other repositories. It features an explanatory ReadMe file in Chinese, indicating the possibility that the creator is a Chinese user.
Threat Analysis
BlueShell is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
External References
Quick Facts
TypeAPT / Threat Group
Aliases2
Also Known As
win.blueshellBlueShell
External Intelligence
Malpedia: win.blueshellResearch Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.