GROK
Description
“Grok” is a very sophisticated keylogger used by the Equation Group, and it was also mentioned in one of the documents leaked by Edward Snowden. Grok is considered a keylogging component of the UNITEDRAKE malware, which experts linked to the Regin malware.
“The codename GROK appears in several documents published by Der Spiegel, where ‘a keylogger’ is mentioned. Our analysis indicates EQUATIONGROUP’s GROK plugin is indeed a keylogger on steroids that can perform many other functions,” reads the report.
“Grok” was first referred to in a post published by The Intercept titled “How the NSA Plans to Infect ‘Millions’ of Computers with Malware.” The article introduces an NSA-developed keylogger called Grok.
Names
Name |
---|
GROK |
Category
Malware
Type
- Keylogger
Information
Malpedia
Other Information
Uuid
5135e7d5-5c40-4e5a-b580-f8610ad7852b
Last Card Change
2020-04-23