

ELMER is a non-persistent, proxy-aware HTTP backdoor written in Delphi that has been used by APT16. [1]

| Item | Value |
|---|---|
| ID | S0064 |
| Associated Names | |
| Version | 1.1 |
| Created | 31 May 2017 |
| Last Modified | 30 March 2020 |
| Navigation Layer | View In ATT&CK® Navigator |

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| enterprise | T1071 | Application Layer Protocol | - |
| enterprise | T1071.001 | Web Protocols | ELMER uses HTTP for command and control. [1] |
| enterprise | T1083 | File and Directory Discovery | ELMER is capable of performing directory listings. [1] |
| enterprise | T1057 | Process Discovery | ELMER is capable of performing process listings. [1] |

Groups That Use This Software

| ID | Name | References |
|---|---|---|
| G0023 | APT16 | [1] |

