POORAIM

POORAIM is a backdoor used by APT37 in campaigns since at least 2014. [1]

ID: S0216
Type: MALWARE
Platforms: Windows
Version: 1.0

Techniques Used

| Domain     | ID    | Name                         | Use                                                                         |
|------------|-------|------------------------------|-----------------------------------------------------------------------------|
| Enterprise | T1189 | Drive-by Compromise          | POORAIM has been delivered through compromised sites acting as watering holes.[1] |
| Enterprise | T1083 | File and Directory Discovery | POORAIM can conduct file browsing.[1]                                        |
| Enterprise | T1057 | Process Discovery            | POORAIM can enumerate processes.[1]                                          |
| Enterprise | T1113 | Screen Capture               | POORAIM can perform screen capturing.[1]                                     |
| Enterprise | T1082 | System Information Discovery | POORAIM can identify system information, including battery status.[1]        |
| Enterprise | T1102 | Web Service                  | POORAIM has used AOL Instant Messenger for C2.[1]                            |

Groups

Groups that use this software:

APT37

References