Worok  (Back to overview)

Worok is a cyber espionage group, mostly targeting Central Asia. The group toolset includes a C++ loader named CLRLoad, a PowerShell backdoor named PowHeartBeat, and a C# loader named PNGLoad.

Associated Families

There are currently no families associated with this actor.

2022-09-06ESET ResearchThibaut Passilly
Worok: The big picture
MimiKatz PNGLoad reGeorg ShadowPad Worok

Credits: MISP Project