ThaiCERT    ETDA    MDES

Threat Group Cards: A Threat Actor Encyclopedia

Tool: GROK

Names: GROK
Category: Malware
Type: Keylogger
Description: Grok is a sophisticated keylogger used by the Equation Group; it is also mentioned in one of the documents leaked by Edward Snowden. Grok is considered the keylogging component of the UNITEDRAKE malware, which researchers have linked to the Regin malware.

“The codename GROK appears in several documents published by Der Spiegel, where ‘a keylogger’ is mentioned. Our analysis indicates EQUATIONGROUP’s GROK plugin is indeed a keylogger on steroids that can perform many other functions,” reads the report.

“Grok” is first referred to in a post published by The Intercept titled “How the NSA Plans to Infect ‘Millions’ of Computers with Malware”, which introduces an NSA-developed keylogger called Grok.
Information: <https://resources.infosecinstitute.com/equation-group-apt-tao-nsa-two-hacking-arsenals-similar/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.grok>

Last change to this tool card: 23 April 2020


All groups using tool GROK

Changed | Name | Country | Observed

APT groups

X | Equation Group | USA | 2001-Aug 2016

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
