DOGCALL

Malware updated 6 months ago (2024-05-04T18:28:22.311Z)
Download STIX
Preview STIX
Dogcall, also known as ROKRAT, is a remote access Trojan (RAT) malware first reported by Talos in April 2017. It has consistently been attributed to the Advanced Persistent Threat (APT37) group, also known as Reaper. The malware uses third-party hosting services for data upload and command acceptance. Dogcall's primary function is to exploit and damage computer systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold your data hostage for ransom. A recent investigation by Volexity discovered Dogcall being delivered alongside another malware called BLUELIGHT. This discovery indicates an active development and maintenance of the backdoor malware, with adaptations made for different platforms such as macOS (CloudMensis) and Android (RambleOn). The APT37 group's modus operandi includes the use of a custom malware family, such as Dogcall. AutoFocus customers can track this threat via various tags including KONNI, NOKKI, Final1stspy, Dogcall, and Reaper. Interesting aspects of the relationship between Dogcall and its users include commented out North Korean-related lure information and Dogcall malware payload. The payload has been identified as part of the Dogcall malware family, which is attributed to the Reaper group, linked to North Korea by several security organizations. When executed, the malware deploys on the victim machine from files like "World Cup predictions.doc". This blog details the relationship found between the NOKKI and Dogcall malware families and introduces Final1stspy, a previously unreported malware family used to deploy Dogcall.
Description last updated: 2024-05-04T16:24:27.612Z
What's your take? (Question 1 of 1)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
ROKRAT is a possible alias for DOGCALL. RokRAT is a sophisticated malware that has been used by the cyber-espionage group ScarCruft, primarily to target South Korean media and research organizations. The malware is typically delivered via phishing emails with ZIP file attachments containing LNK files disguised as Word documents. However,
3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the DOGCALL Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more