Threat Group Cards: A Threat Actor Encyclopedia

Archived: 2026-04-05 21:35:40 UTC

Tool: OpGhoul

Names: OpGhoul
Category: Malware
Type: Reconnaissance, Backdoor, Keylogger, Credential stealer, Info stealer

Description:
(Kaspersky) The malware is based on the Hawkeye commercial spyware, which provides a variety of tools for the attackers, in addition to malware anonymity from attribution. It initiates by self-deploying and configuring persistence, while using anti-debugging and timeout techniques, then starts collecting interesting data from the victim’s device, including:
• Keystrokes
• Clipboard data
• FileZilla ftp server credentials
• Account data from local browsers
• Account data from local messaging clients (Paltalk, Google talk, AIM…)
• Account data from local email clients (Outlook, Windows Live mail…)
• License information of some installed applications

Information: Malpedia

Last change to this tool card: 23 April 2020

All groups using tool OpGhoul

APT groups
Name: Operation Ghoul
Country: [Unknown]
Observed: 2016

1 group listed (1 APT, 0 other, 0 unknown)

Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=95f5b536-a369-481f-a9da-71b6a4dc16ed