Worok  (Back to overview)

Worok is a cyber espionage group, mostly targeting Central Asia. The group toolset includes a C++ loader named CLRLoad, a PowerShell backdoor named PowHeartBeat, and a C# loader named PNGLoad.

Associated Families

There are currently no families associated with this actor.

2022-09-06ESET ResearchThibaut Passilly
@online{passilly:20220906:worok:0c106ac, author = {Thibaut Passilly}, title = {{Worok: The big picture}}, date = {2022-09-06}, organization = {ESET Research}, url = {}, language = {English}, urldate = {2022-09-10} } Worok: The big picture
MimiKatz PNGLoad reGeorg ShadowPad Worok

Credits: MISP Project