POORAIM

Description

(FireEye) POORAIM malware is designed with basic backdoor functionality and leverages AOL Instant Messenger for command and control communications. POORAIM includes the following capabilities: System information enumeration, File browsing, manipulation and exfiltration, Process enumeration, Screen capture, File execution, Exfiltration of browser favorites, and battery status. Exfiltrated data is sent via files over AIM.

POORAIM has been involved in campaigns against South Korean media organizations and sites relating to North Korean refugees and defectors since early 2014.

Compromised sites have acted as watering holes to deliver newer variants of POORAIM.

Names

Name
POORAIM
Backdoor.APT.POORAIM

Type

Reconnaissance
Backdoor
Info stealer
Exfiltration

Information

https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf

Mitre Attack

https://attack.mitre.org/software/S0216/

Other Information

Uuid

3e017ae6-9f5a-4c0b-8720-e567567c51e3

Last Card Change

2020-04-22

Threat Intelligence Garden

Explorer

POORAIM

POORAIM

Description

Names

Category

Type

Information

Mitre Attack

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks