
DOGCALL

Posted: October 14, 2019

APT37 is an Advanced Persistent Threat group that is believed to have a close connection with the North Korean government. The group's targets are often South Korean individuals involved in the government and military sectors, and the purpose of the attacks is to exfiltrate information from the victims. One of the tools used during these campaigns is DOGCALL, a backdoor Trojan that allows attackers to execute a wide range of harmful actions on the compromised system. The first traces of DOGCALL's activity were detected during August 2016, and the threat has become an important part of APT37's campaigns since then.

The DOGCALL Backdoor Used against South Korean Targets

Some of the more notorious operations in which DOGCALL was employed targeted South Korean government and military organizations in 2017. The malware was delivered via bogus email attachments (in the form of a Microsoft Office document) that executed a malicious script when opened. The script launched an obfuscated piece of shellcode, whose purpose was to decrypt and start DOGCALL's payload.

The primary purpose of DOGCALL is to provide its operators with long-term access to the compromised host, as well as to allow them to execute a wide range of operations:

  • Capture screenshots of the desktop or active windows.
  • Initialize a keylogger.
  • Execute remote commands.

DOGCALL Infections Were Followed by the Destructive RUHAPPY Disk Wiper

DOGCALL also employs basic anti-virus-evasion and sandbox-evasion techniques, which have made its samples a tad more difficult to identify and analyze. In some cases, computers infected with the DOGCALL backdoor were later damaged by RUHAPPY, a disk wiper that APT37 is known to use.

While APT37 (a.k.a. ScarCruft) has not attracted as much media attention as the Lazarus group, it is still a North Korean threat actor that poses a major threat to South Korean and Middle Eastern targets. Its rich toolkit and advanced infection strategies have helped it establish itself as one of the most capable Advanced Persistent Threat groups active at the moment.
