North Korean Trojan: BADCALL
2019-09-09 • USCISA
The DHS, FBI, and DoD Malware Analysis Report (MAR) describes BADCALL Trojan variants used by North Korean HIDDEN COBRA actors to maintain access and support network exploitation. Three Windows executables functioned as proxy servers using a Fake TLS method, while an Android APK variant extended the toolset to mobile environments. The MAR provides malware descriptions, response guidance, and mitigation recommendations so defenders can prioritize activity associated with the samples. Its operational value lies in the proxy behavior, the North Korea attribution context, and the government-provided indicators rather than in a long standalone hash list.