Worok (Threat Actor)

SYMBOL	COMMON_NAME	aka. SYNONYMS

Worok (Back to overview)

Worok is a cyber espionage group, mostly targeting Central Asia. The group toolset includes a C++ loader named CLRLoad, a PowerShell backdoor named PowHeartBeat, and a C# loader named PNGLoad.

Associated Families

There are currently no families associated with this actor.

References

2022-09-06 ⋅ ESET Research ⋅ Thibaut Passilly
Worok: The big picture
MimiKatz PNGLoad reGeorg ShadowPad Worok

Credits: MISP Project