oRAT is a new piece of macOS malware, written in Go, belonging to a recently uncovered APT group, "Earth Berberoka". After first addressing challenges of reversing Go-based malware, we will provide the first comprehensive analysis of this intriguing threat …but not in the traditional way.
Rather we’ll highlight the creation of a custom command & control server that allowed us to uncover the malware’s full functionality, simply by asking the right questions!