DOGCALL

Description

(FireEye) DOGCALL is a backdoor commonly distributed as an encoded binary file downloaded and decrypted by shellcode following the exploitation of weaponized documents. DOGCALL is capable of capturing screenshots, logging keystrokes, evading analysis with anti-virtual machine detections, and leveraging cloud storage APIs such as Cloud, Box, Dropbox, and Yandex.

DOGCALL was used to target South Korean Government and military organizations in March and April 2017.
The malware is typically dropped using an HWP exploit in a lure document.

The wiper tool, RUHAPPY, was found on some of the systems targeted by DOGCALL. While DOGCALL is primarily an espionage tool, RUHAPPY is a destructive wiper tool meant to render systems inoperable.

Names

Name
DOGCALL

Type

Backdoor
Keylogger
Info stealer

Information

https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf

Mitre Attack

https://attack.mitre.org/software/S0213/

Alienvault Otx

https://otx.alienvault.com/browse/pulses?q=tag:dogcall

Other Information

Uuid

26caccee-f011-40c9-b1a7-e29e763f3d39

Last Card Change

2020-04-23

Threat Intelligence Garden

Explorer

DOGCALL

DOGCALL

Description

Names

Category

Type

Information

Mitre Attack

Alienvault Otx

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks