RokRAT
Also known as: DOGCALL
It is a backdoor commonly distributed as an encoded
binary file downloaded and decrypted by shellcode following the
exploitation of weaponized documents. DOGCALL is capable of
capturing screenshots, logging keystrokes, evading analysis with
anti-virtual machine detections, and leveraging cloud storage APIs
such as Cloud, Box, Dropbox, and Yandex.
Linked Threat Actors
APT37
C2 Infrastructure
Hosting/VPS90%
Business10%
Last 7 days
May 14, 2026
C2 Hosts: 1
May 13, 2026
C2 Hosts: 3
May 12, 2026
C2 Hosts: 5
May 11, 2026
C2 Hosts: 5
| Date | C2 Hosts |
|---|---|
| May 14, 2026 | 1 |
| May 13, 2026 | 3 |
| May 12, 2026 | 5 |
| May 11, 2026 | 5 |