DOGCALL is a backdoor used by APT37 that has been used to target South Korean government and military organizations in 2017. It is typically dropped using a Hangul Word Processor (HWP) exploit. [1]

| Item | Value |
|---|---|
| ID | S0213 |
| Associated Names | |
| Version | 1.2 |
| Created | 18 April 2018 |
| Last Modified | 30 March 2020 |
| Navigation Layer | View In ATT&CK® Navigator |

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| enterprise | T1123 | Audio Capture | DOGCALL can capture microphone data from the victim’s machine. [2] |
| enterprise | T1105 | Ingress Tool Transfer | DOGCALL can download and execute additional payloads. [2] |
| enterprise | T1056 | Input Capture | - |
| enterprise | T1056.001 | Keylogging | DOGCALL is capable of logging keystrokes. [1][2] |
| enterprise | T1027 | Obfuscated Files or Information | DOGCALL is encrypted using single-byte XOR. [2] |
| enterprise | T1113 | Screen Capture | DOGCALL is capable of capturing screenshots of the victim’s machine. [1][2] |
| enterprise | T1102 | Web Service | - |
| enterprise | T1102.002 | Bidirectional Communication | DOGCALL is capable of leveraging cloud storage APIs such as Cloud, Box, Dropbox, and Yandex for C2. [1][2] |

Groups That Use This Software

| ID | Name | References |
|---|---|---|
| G0067 | APT37 | [1][2] |

