Register to stream ATT&CKcon 2.0 October 29-30


POORAIM is a backdoor used by APT37 in campaigns since at least 2014. [1]

ID: S0216
Platforms: Windows
Version: 1.0

Techniques Used

Domain ID Name Use
Enterprise T1189 Drive-by Compromise POORAIM has been delivered through compromised sites acting as watering holes. [1]
Enterprise T1083 File and Directory Discovery POORAIM can conduct file browsing. [1]
Enterprise T1057 Process Discovery POORAIM can enumerate processes. [1]
Enterprise T1113 Screen Capture POORAIM can perform screen capturing. [1]
Enterprise T1082 System Information Discovery POORAIM can identify system information, including battery status. [1]
Enterprise T1102 Web Service POORAIM has used AOL Instant Messenger for C2. [1]

Groups That Use This Software

ID Name References
G0067 APT37 [1]