DOGCALL

Malware Profile Updated 25 days ago
Download STIX
Preview STIX
Dogcall, also known as ROKRAT, is a remote access Trojan (RAT) malware first reported by Talos in April 2017. It has consistently been attributed to the Advanced Persistent Threat (APT37) group, also known as Reaper. The malware uses third-party hosting services for data upload and command acceptance. Dogcall's primary function is to exploit and damage computer systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold your data hostage for ransom. A recent investigation by Volexity discovered Dogcall being delivered alongside another malware called BLUELIGHT. This discovery indicates an active development and maintenance of the backdoor malware, with adaptations made for different platforms such as macOS (CloudMensis) and Android (RambleOn). The APT37 group's modus operandi includes the use of a custom malware family, such as Dogcall. AutoFocus customers can track this threat via various tags including KONNI, NOKKI, Final1stspy, Dogcall, and Reaper. Interesting aspects of the relationship between Dogcall and its users include commented out North Korean-related lure information and Dogcall malware payload. The payload has been identified as part of the Dogcall malware family, which is attributed to the Reaper group, linked to North Korea by several security organizations. When executed, the malware deploys on the victim machine from files like "World Cup predictions.doc". This blog details the relationship found between the NOKKI and Dogcall malware families and introduces Final1stspy, a previously unreported malware family used to deploy Dogcall.
What's your take? (Question 1 of 1)
b3c4bc21-2296-4d12-956e-53c7e40f1491 Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
ROKRAT
3
RokRAT is a sophisticated malware that has been used by the cyber-espionage group ScarCruft, primarily to target South Korean media and research organizations. The malware is typically delivered via phishing emails with ZIP file attachments containing LNK files disguised as Word documents. However,
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the DOGCALL Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
MITRE
a year ago
NOKKI Almost Ties the Knot with DOGCALL: Reaper Group Uses New Malware to Deploy RAT
Checkpoint
a year ago
Chain Reaction: ROKRAT’s Missing Link - Check Point Research
CERT-EU
a year ago
North Korea's ScarCruft Deploys RokRAT Malware via LNK File Infection Chains
MITRE
a year ago
North Korean BLUELIGHT Special: InkySquid Deploys RokRAT