ELMER

ELMER is a non-persistent, proxy-aware HTTP backdoor written in Delphi that has been used by APT16. [1]

ID: S0064
Aliases: ELMER
Type: MALWARE
Platforms: Windows

Version: 1.0

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1043 | Commonly Used Port | ELMER uses HTTP over port 443 for command and control.[1] |
| Enterprise | T1083 | File and Directory Discovery | ELMER is capable of performing directory listings.[1] |
| Enterprise | T1057 | Process Discovery | ELMER is capable of performing process listings.[1] |
| Enterprise | T1071 | Standard Application Layer Protocol | ELMER uses HTTP for command and control.[1] |

Groups

Groups that use this software:

APT16

References