Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 17:27:40 UTC
 Tool: Rook
Names Rook
Category Malware
Type Ransomware
Description
According to PCrisk, Rook is ransomware (an updated variant of Babuk) that prevents victims from accessing/opening files by encryptin
file/ransom note ('HowToRestoreYourFiles.txt'). Rook renames files by appending the '.Rook' extension. For example, it renames '1.jpg'
Information
Malpedia Last change to this tool card: 30 November 2023
Download this tool card in JSON format
All groups using tool Rook
Changed Name Country Observed
APT groups
 Bronze Starlight 2021-Mar 2023
1 group listed (1 APT, 0 other, 0 unknown)
↑
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c454ae0f-ae6d-4d20-a7dc-78665a109e37
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c454ae0f-ae6d-4d20-a7dc-78665a109e37
Page 1 of 1