MALWARE FAMILY

BROKEYOLK

Internal ID: win.brokeyolk
Aliases: 1
Last seen: Mar 17, 2026

Intelligence Profile

According to Mandiant, BROKEYOLK is a .NET downloader that downloads and executes a file from a hard-coded command and control (C2) server. The malware communicates via SOAP (Simple Object Access Protocol) requests using HTTP.

Threat Analysis

BROKEYOLK is a malware family tracked by threat intelligence researchers and catalogued in the Malpedia dataset. It represents a distinct malicious software lineage with identifiable code characteristics, behaviors, and victimology.

Quick Facts

Type: Malware Family
Aliases: 1

Also Known As

win.brokeyolk

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.