Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 15:14:53 UTC
Home > List all groups > List all tools > List all groups using tool NOKNOK
 Tool: NOKNOK
Names NOKNOK
Category Malware
Type Backdoor
Description
(Volexity) The backdoor deployed by the macOS version of the malware-laden VPN
application infection chain is called NOKNOK. This is downloaded by the VPN application
and executed in memory.
Information Last change to this tool card: 06 March 2024
Download this tool card in JSON format
All groups using tool NOKNOK
Changed Name Country Observed
APT groups
 GreenCharlie 2020
 Magic Hound, APT 35, Cobalt Illusion, Charming Kitten 2012-Jun 2025
2 groups listed (2 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=6ea5383e-9a39-4a7e-a49c-ea19568fd3e0
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=6ea5383e-9a39-4a7e-a49c-ea19568fd3e0
Page 1 of 1