POORAIM

POORAIM is a backdoor used by APT37 in campaigns since at least 2014. [1]

ID: S0216
Type: MALWARE
Platforms: Windows

Version: 1.0

Techniques Used

Domain | ID | Name | Use
Enterprise | T1189 | Drive-by Compromise | POORAIM has been delivered through compromised sites acting as watering holes. [1]
Enterprise | T1083 | File and Directory Discovery | POORAIM can conduct file browsing. [1]
Enterprise | T1057 | Process Discovery | POORAIM can enumerate processes. [1]
Enterprise | T1113 | Screen Capture | POORAIM can perform screen capturing. [1]
Enterprise | T1082 | System Information Discovery | POORAIM can identify system information, including battery status. [1]
Enterprise | T1102 | Web Service | POORAIM has used AOL Instant Messenger for C2. [1]
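The T1102 row is the one entry in the table that gives a defender something to hunt on: a backdoor riding a legitimate messaging service looks like normal chat traffic at the network layer, but on the host the process speaking the protocol is not the messaging client. The script below is an added example written for this page; it is not part of the ATT&CK entry or of any published POORAIM analysis, and it makes no claim about POORAIM's actual network fingerprint. It assumes Sysmon Event ID 3 (NetworkConnect) records flattened to key=value lines, AIM's OSCAR protocol (TCP 5190 and the login.oscar.aol.com server family), and constructed sample events; the client allowlist and the user-writable path markers are assumptions to tune per environment.

```python
import ntpath
import re

# Constructed Sysmon Event ID 3 (NetworkConnect) records flattened to key=value
# pairs. They are illustrative samples written for this example, not logs from a
# real POORAIM incident.
SAMPLE_EVENTS = """\
Image=C:\\Program Files (x86)\\AIM\\aim.exe DestinationHostname=login.oscar.aol.com DestinationPort=5190 User=CORP\\alice
Image=C:\\Windows\\System32\\svchost.exe DestinationHostname=ctldl.windowsupdate.com DestinationPort=80 User=NT AUTHORITY\\SYSTEM
Image=C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe DestinationHostname=login.oscar.aol.com DestinationPort=5190 User=CORP\\alice
Image=C:\\Windows\\System32\\notepad.exe DestinationHostname=login.oscar.aol.com DestinationPort=5190 User=CORP\\alice
Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe DestinationHostname=www.aim.com DestinationPort=443 User=CORP\\alice
"""

# AIM's OSCAR protocol used TCP 5190 and servers under oscar.aol.com.
# The allowlist (an assumption for this example) names the only image expected
# to speak OSCAR on a managed host; extend it for other legitimate multi-protocol
# clients present in your fleet.
OSCAR_PORT = 5190
OSCAR_DOMAIN_SUFFIX = ".oscar.aol.com"
ALLOWED_AIM_CLIENTS = {"aim.exe"}
# Directories a non-admin user can write to; an implant dropped by a
# drive-by compromise typically lives in one of these.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

_KV_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_event(line):
    """Turn one 'key=value key=value' record into a dict (values may contain spaces)."""
    return {k: v for k, v in _KV_RE.findall(line.strip())}


def is_oscar_traffic(ev):
    """True when the connection targets AIM infrastructure by port or hostname."""
    host = ev.get("DestinationHostname", "").lower()
    port = ev.get("DestinationPort", "")
    return port == str(OSCAR_PORT) or host.endswith(OSCAR_DOMAIN_SUFFIX)


def find_suspicious_aim_clients(log_text):
    """Return findings for processes other than known AIM clients that reach
    AIM (OSCAR) infrastructure. Severity is raised when the image runs from a
    user-writable directory."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        if not is_oscar_traffic(ev):
            continue
        image = ev.get("Image", "")
        if ntpath.basename(image).lower() in ALLOWED_AIM_CLIENTS:
            continue
        user_writable = any(m in image.lower() for m in USER_WRITABLE_MARKERS)
        findings.append({
            "image": image,
            "user": ev.get("User", ""),
            "destination": f"{ev.get('DestinationHostname', '')}:{ev.get('DestinationPort', '')}",
            "severity": "high" if user_writable else "medium",
        })
    return findings


if __name__ == "__main__":
    for f in find_suspicious_aim_clients(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['image']} ({f['user']}) -> {f['destination']}")
```

On the sample input the rule flags the Temp-resident update.exe (high) and notepad.exe (medium) and stays silent on the real AIM client and on a browser visiting www.aim.com over 443, since that is a web property rather than the OSCAR service. The same shape works for any "legitimate web service as C2" entry: key on the protocol the service actually uses, then ask whether the process on the wire is one that should be speaking it.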

Groups

Groups that use this software:

APT37

References