Worok  (Back to overview)

Worok is a cyber espionage group, mostly targeting Central Asia. The group toolset includes a C++ loader named CLRLoad, a PowerShell backdoor named PowHeartBeat, and a C# loader named PNGLoad.

---

Associated Families

There are currently no families associated with this actor.

---

References

2022-09-06 ⋅ ESET Research ⋅ Thibaut Passilly @online{passilly:20220906:worok:0c106ac, author = {Thibaut Passilly}, title = {{Worok: The big picture}}, date = {2022-09-06}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2022/09/06/worok-big-picture/}, language = {English}, urldate = {2022-09-10} } Worok: The big picture MimiKatz PNGLoad reGeorg ShadowPad Worok

---

Credits: MISP Project