APT / THREAT GROUP

BirdCall

Aliases: 2
Last seen: Jun 11, 2026

Intelligence Profile

According to ESET Research, BirdCall is a Windows backdoor written in C++ that provides a wide range of spying capabilities, including taking screenshots, logging keystrokes and clipboard content, stealing credentials and files, and executing shell commands. It is typically deployed in a multistage loading chain with a downloader that fetches and executes shellcode, at times loaded by a RokRAT payload, and then replaces a trojanized library with a clean version to hinder analysis. For C2, BirdCall uses legitimate cloud storage services or compromised websites to enable bidirectional communication and data exfiltration.

Threat Analysis

BirdCall is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

Quick Facts

Type: APT / Threat Group
Aliases: 2

Also Known As

BirdCall, win.birdcall

External Intelligence

Malpedia: win.birdcall

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.