{"id":48160,"date":"2022-08-25T00:00:00","date_gmt":"2022-08-25T00:00:00","guid":{"rendered":"urn:uuid:ced46746-f256-ed3e-c935-7c3a392958ac"},"modified":"2022-08-25T00:00:00","modified_gmt":"2022-08-25T00:00:00","slug":"new-golang-ransomware-agenda-customizes-attacks","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/new-golang-ransomware-agenda-customizes-attacks\/","title":{"rendered":"New Golang Ransomware Agenda Customizes Attacks"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/new-golang-ransomware-agenda-customizes-attacks\/Agenda%20banner.jpg\"><\/p>\n<div><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/new-golang-ransomware-agenda-customizes-attacks\/Agenda%20blog%20banner.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p><span class=\"body-subhead-title\">Analysis and notable features<\/span><\/p>\n<p>The Agenda ransomware is a 64-bit Windows PE file written in Go. Go programs&nbsp;are cross-platform and completely standalone, meaning they will execute properly even without a Go interpreter installed on a system. This is possible since Go statically compiles necessary libraries (packages).<\/p>\n<p>Upon execution, this ransomware accepts various command-line arguments that define the malware flow and functionality, as listed in the table below.<\/p>\n<table cellpadding=\"1\" cellspacing=\"0\" border=\"1\" width=\"100%\">\n<tbody readability=\"13\">\n<tr>\n<td width=\"100\"><b>Argument&nbsp;<\/b><\/td>\n<td><b>Description<\/b><\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>-alter {int}&nbsp;<\/td>\n<td>Defines the port number for this child process<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>-encryption {value}&nbsp;<\/td>\n<td>Allows for redefining the embed encryptor config to the customized choice&nbsp;<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>-ips {IP Address}&nbsp;<\/td>\n<td>Allows for providing IP addresses&nbsp;<\/td>\n<\/tr>\n<tr readability=\"6\">\n<td>-min-size {value}&nbsp;<\/td>\n<td>Defines the minimum file size to encrypt (e.g., 1 KB, 1 MB, 1 GB, 666 KB)&nbsp;<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>-no-proc&nbsp;<\/td>\n<td>Defines the processes that will not be killed&nbsp;<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>-no-services&nbsp;<\/td>\n<td>Defines the services that will not be killed&nbsp;<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>-password {string}&nbsp;&nbsp;<\/td>\n<td>Defines the password to enter landing<\/td>\n<\/tr>\n<tr readability=\"4\">\n<td>-path {directory}&nbsp;<\/td>\n<td>Defines the path that parses directories; if this flag is used and left empty, all directories will be scanned<\/td>\n<\/tr>\n<tr>\n<td>-safe&nbsp;<\/td>\n<td>Boots in safe mode&nbsp;<\/td>\n<\/tr>\n<tr readability=\"4\">\n<td>-stat&nbsp;<\/td>\n<td>Makes malware print its configuration (processes and services to be killed, encryption, etc.)&nbsp;&nbsp;<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Table 1. Command-line arguments accepted by Agenda<\/p>\n<p>Agenda builds a runtime configuration to define its behavior, including its public RSA key, encryption conditions, list of processes and services to terminate, encryption extension, login credentials, and ransom note.&nbsp;<\/p>\n<table cellpadding=\"1\" cellspacing=\"0\" border=\"1\" width=\"100%\">\n<tbody readability=\"6\">\n<tr readability=\"2\">\n<td width=\"100\"><b>Runtime configuration component&nbsp;<\/b><\/td>\n<td><b>Description<\/b><\/td>\n<\/tr>\n<tr>\n<td>public_rsa_pem&nbsp;<\/td>\n<td>RSA public key<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>directory_black_list&nbsp;<\/td>\n<td>Directories excluded from encryption<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>file_black_list&nbsp;<\/td>\n<td>File names excluded from encryption<\/td>\n<\/tr>\n<tr readability=\"4\">\n<td>file_pattern_black_list&nbsp;<\/td>\n<td>File name extensions excluded from encryption<\/td>\n<\/tr>\n<tr>\n<td>process_black_list&nbsp;<\/td>\n<td>Processes to terminate<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>win_services_black_list&nbsp;<\/td>\n<td>Services to terminate<\/td>\n<\/tr>\n<tr>\n<td>company_id&nbsp;<\/td>\n<td>Encryption extension<\/td>\n<\/tr>\n<tr>\n<td>accounts&nbsp;<\/td>\n<td>Login credentials<\/td>\n<\/tr>\n<tr>\n<td>note&nbsp;<\/td>\n<td>Ransom note<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Table 2. The runtime configuration components of Agenda<\/p>\n<p>As part of its initial routine, Agenda determines if the machine is running in safe mode by checking the string safeboot in the data of this registry value:&nbsp;<\/p>\n<p><i>HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control SystemStartOptions&nbsp;<\/i><\/p>\n<p>If it detects that the machine is running in safe mode, it terminates execution.&nbsp;<\/p>\n<p>The ransomware then removes shadow volume copies via execution of <i>vssadmin.exe delete shadows \/all \/quiet<\/i>, as well as terminating specific processes and services indicated in its runtime configuration, some of which are antivirus-related processes and services.&nbsp;<\/p>\n<table cellpadding=\"1\" cellspacing=\"0\" border=\"1\" width=\"100%\">\n<tbody>\n<tr>\n<td width=\"100\"><b>Processes&nbsp;<\/b><\/td>\n<td><b>Services<\/b><\/td>\n<\/tr>\n<tr>\n<td>a2service.exe&nbsp;<\/td>\n<td>acronis vss provider&nbsp;<\/td>\n<\/tr>\n<tr>\n<td>a2start.exe&nbsp;<\/td>\n<td>acronis vss provider&nbsp;<\/td>\n<\/tr>\n<tr>\n<td>aawservice.exe&nbsp;<\/td>\n<td>acronisagent&nbsp;<\/td>\n<\/tr>\n<tr>\n<td>ashserv.exe&nbsp;<\/td>\n<td>acronisagent&nbsp;<\/td>\n<\/tr>\n<tr>\n<td>avengine.exe&nbsp;<\/td>\n<td>acronisagentd<\/td>\n<\/tr>\n<tr>\n<td>avkwctl.exe&nbsp;<\/td>\n<td>avbackup&nbsp;<\/td>\n<\/tr>\n<tr>\n<td>blackd.exe&nbsp;<\/td>\n<td>avbackupd<\/td>\n<\/tr>\n<tr>\n<td>cfp.exe&nbsp;<\/td>\n<td>ccevtmgr<\/td>\n<\/tr>\n<tr>\n<td>fsav32.exe&nbsp;&nbsp;<\/td>\n<td>macmnsvc<\/td>\n<\/tr>\n<tr>\n<td>fsdfwd.exe&nbsp;<\/td>\n<td>macmnsvcd&nbsp;<\/td>\n<\/tr>\n<tr>\n<td>fsguiexe.exe&nbsp;&nbsp;<\/td>\n<td>masvc<\/td>\n<\/tr>\n<tr>\n<td>kpf4gui.exe&nbsp;<\/td>\n<td>masvcd<\/td>\n<\/tr>\n<tr>\n<td>mcods.exe&nbsp;<\/td>\n<td>mcshield<\/td>\n<\/tr>\n<tr>\n<td>mcpalmcfg.exe&nbsp;<\/td>\n<td>sentinelagent&nbsp;<\/td>\n<\/tr>\n<tr>\n<td>mcproxy.exe&nbsp;<\/td>\n<td>sentinelagentd<\/td>\n<\/tr>\n<tr>\n<td>mcregwiz.exe&nbsp;<\/td>\n<td>sentinelhelperservice&nbsp;<\/td>\n<\/tr>\n<tr>\n<td>mcsacore.exe&nbsp;<\/td>\n<td>sentinelhelperserviced&nbsp;<\/td>\n<\/tr>\n<tr>\n<td>mcshield.exe&nbsp;<\/td>\n<td>sentinelstaticengine&nbsp;<\/td>\n<\/tr>\n<tr>\n<td>mpfagent.exe&nbsp;<\/td>\n<td>sentinelstaticengined<\/td>\n<\/tr>\n<tr>\n<td>mpfservice.exe&nbsp;<\/td>\n<td>shmonitor&nbsp;<\/td>\n<\/tr>\n<tr>\n<td>msmpeng.exe&nbsp;<\/td>\n<td>shmonitord<\/td>\n<\/tr>\n<tr>\n<td>msscli.exe&nbsp;<\/td>\n<td>smcinst<\/td>\n<\/tr>\n<tr>\n<td>nisum.exe&nbsp;<\/td>\n<td>tmccsf&nbsp;<\/td>\n<\/tr>\n<tr>\n<td>ntrtscan.exe&nbsp;<\/td>\n<td>tmccsfd<\/td>\n<\/tr>\n<tr>\n<td>pccpfw.exe&nbsp;<\/td>\n<td>tmlisten&nbsp;<\/td>\n<\/tr>\n<tr>\n<td>tmntsrv.exe&nbsp;<\/td>\n<td>tmlistend<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Table 3. Some of the antivirus-related processes and services terminated by Agenda<\/p>\n<p>After its initial routine, Agenda proceeds to create the runonce autostart entry *aster pointing to enc.exe, which is a dropped copy of itself under the Public folder:&nbsp;&nbsp;<\/p>\n<p><i>HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce*aster = %Public%\\enc.exe<\/i><\/p>\n<p><b>Changing user passwords and rebooting in safe mode<\/b><\/p>\n<p>Agenda also deploys a detection evasion technique during encryption: It changes the default user\u2019s password and enables automatic login with the new login credentials. This feature can be enabled using the -safe command-line argument. Similar to <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/revil-ransomware-now-changes-password-to-auto-login-in-safe-mode\/amp\/\" target=\"_blank\" rel=\"noopener\">REvil<\/a>, Agenda reboots the victim\u2019s machine in safe mode and then proceeds with the encryption routine upon reboot.&nbsp;<\/p>\n<p>To begin, Agenda lists all local users found on the device and then checks which one is set as the default user.&nbsp;&nbsp;<\/p>\n<p> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/22\/h\/new-golang-ransomware-agenda-customizes-attacks.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new piece of ransomware written in the Go language has been targeting healthcare and education enterprises in Asia and Africa. This ransomware is called Agenda and is customized per victim. Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":48161,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9511,9508,9539,9509],"class_list":["post-48160","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-cyber-threats","tag-trend-micro-research-endpoints","tag-trend-micro-research-ransomware","tag-trend-micro-research-research"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>New Golang Ransomware Agenda Customizes Attacks 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/new-golang-ransomware-agenda-customizes-attacks\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New Golang Ransomware Agenda Customizes Attacks 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/new-golang-ransomware-agenda-customizes-attacks\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-08-25T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/new-golang-ransomware-agenda-customizes-attacks\/Agenda%20banner.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-golang-ransomware-agenda-customizes-attacks\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-golang-ransomware-agenda-customizes-attacks\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"New Golang Ransomware Agenda Customizes Attacks\",\"datePublished\":\"2022-08-25T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-golang-ransomware-agenda-customizes-attacks\\\/\"},\"wordCount\":685,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-golang-ransomware-agenda-customizes-attacks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/08\\\/new-golang-ransomware-agenda-customizes-attacks.jpg\",\"keywords\":[\"Trend Micro Research : Articles, News, Reports\",\"Trend Micro Research : Cyber Threats\",\"Trend Micro Research : Endpoints\",\"Trend Micro Research : Ransomware\",\"Trend Micro Research : Research\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-golang-ransomware-agenda-customizes-attacks\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-golang-ransomware-agenda-customizes-attacks\\\/\",\"name\":\"New Golang Ransomware Agenda Customizes Attacks 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-golang-ransomware-agenda-customizes-attacks\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-golang-ransomware-agenda-customizes-attacks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/08\\\/new-golang-ransomware-agenda-customizes-attacks.jpg\",\"datePublished\":\"2022-08-25T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-golang-ransomware-agenda-customizes-attacks\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-golang-ransomware-agenda-customizes-attacks\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-golang-ransomware-agenda-customizes-attacks\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/08\\\/new-golang-ransomware-agenda-customizes-attacks.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/08\\\/new-golang-ransomware-agenda-customizes-attacks.jpg\",\"width\":640,\"height\":351},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-golang-ransomware-agenda-customizes-attacks\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro Research : Articles, News, Reports\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-research-articles-news-reports\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"New Golang Ransomware Agenda Customizes Attacks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"New Golang Ransomware Agenda Customizes Attacks 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/new-golang-ransomware-agenda-customizes-attacks\/","og_locale":"en_US","og_type":"article","og_title":"New Golang Ransomware Agenda Customizes Attacks 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/new-golang-ransomware-agenda-customizes-attacks\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-08-25T00:00:00+00:00","og_image":[{"url":"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/new-golang-ransomware-agenda-customizes-attacks\/Agenda%20banner.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/new-golang-ransomware-agenda-customizes-attacks\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/new-golang-ransomware-agenda-customizes-attacks\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"New Golang Ransomware Agenda Customizes Attacks","datePublished":"2022-08-25T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/new-golang-ransomware-agenda-customizes-attacks\/"},"wordCount":685,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/new-golang-ransomware-agenda-customizes-attacks\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/08\/new-golang-ransomware-agenda-customizes-attacks.jpg","keywords":["Trend Micro Research : Articles, News, Reports","Trend Micro Research : Cyber Threats","Trend Micro Research : Endpoints","Trend Micro Research : Ransomware","Trend Micro Research : Research"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/new-golang-ransomware-agenda-customizes-attacks\/","url":"https:\/\/www.threatshub.org\/blog\/new-golang-ransomware-agenda-customizes-attacks\/","name":"New Golang Ransomware Agenda Customizes Attacks 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/new-golang-ransomware-agenda-customizes-attacks\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/new-golang-ransomware-agenda-customizes-attacks\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/08\/new-golang-ransomware-agenda-customizes-attacks.jpg","datePublished":"2022-08-25T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/new-golang-ransomware-agenda-customizes-attacks\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/new-golang-ransomware-agenda-customizes-attacks\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/new-golang-ransomware-agenda-customizes-attacks\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/08\/new-golang-ransomware-agenda-customizes-attacks.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/08\/new-golang-ransomware-agenda-customizes-attacks.jpg","width":640,"height":351},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/new-golang-ransomware-agenda-customizes-attacks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : Articles, News, Reports","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-articles-news-reports\/"},{"@type":"ListItem","position":3,"name":"New Golang Ransomware Agenda Customizes Attacks"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/48160","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=48160"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/48160\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/48161"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=48160"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=48160"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=48160"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}