Skip to content


POORAIM is a backdoor used by APT37 in campaigns since at least 2014. 1

Item Value
ID S0216
Associated Names
Version 1.1
Created 18 April 2018
Last Modified 30 March 2020
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1189 Drive-by Compromise POORAIM has been delivered through compromised sites acting as watering holes.1
enterprise T1083 File and Directory Discovery POORAIM can conduct file browsing.1
enterprise T1057 Process Discovery POORAIM can enumerate processes.1
enterprise T1113 Screen Capture POORAIM can perform screen capturing.1
enterprise T1082 System Information Discovery POORAIM can identify system information, including battery status.1
enterprise T1102 Web Service -
enterprise T1102.002 Bidirectional Communication POORAIM has used AOL Instant Messenger for C2.1

Groups That Use This Software

ID Name References
G0067 APT37 1


Back to top