Golang binaries are had to analyze (or rather were, new tooling, etc). Assume vendors and automation are 5 years behind everyone else actually doing malware analysis by hand. Most of this blocking is probably running off of signatures and not behavior.