S0213 DOGCALL
DOGCALL is a backdoor used by APT37 to target South Korean government and military organizations in 2017. It is typically dropped using a Hangul Word Processor (HWP) exploit. [1]
Item | Value |
---|---|
ID | S0213 |
Associated Names | |
Type | MALWARE |
Version | 1.2 |
Created | 18 April 2018 |
Last Modified | 30 March 2020 |
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
enterprise | T1123 | Audio Capture | DOGCALL can capture microphone data from the victim’s machine. [2] |
enterprise | T1105 | Ingress Tool Transfer | DOGCALL can download and execute additional payloads. [2] |
enterprise | T1056 | Input Capture | - |
enterprise | T1056.001 | Keylogging | DOGCALL is capable of logging keystrokes. [1][2] |
enterprise | T1027 | Obfuscated Files or Information | DOGCALL is encrypted using single-byte XOR. [2] |
enterprise | T1113 | Screen Capture | DOGCALL is capable of capturing screenshots of the victim’s machine. [1][2] |
enterprise | T1102 | Web Service | - |
enterprise | T1102.002 | Bidirectional Communication | DOGCALL is capable of leveraging cloud storage APIs such as Cloud, Box, Dropbox, and Yandex for C2. [1][2] |
Groups That Use This Software
ID | Name | References |
---|---|---|
G0067 | APT37 | [1][2] |