Pooraim Threat Report: What is it and How Does it Work?

Pooraim is a backdoor used by the APT37 cyberespionage group in campaigns dating back to at least 2014. It targets the Windows operating system and uses AOL Instant Messenger (AIM) as the communication channel between the attacker and the infected host. Pooraim can gather system information, enumerate running processes, take screenshots, and browse files. It has been delivered to victims through compromised websites that act as watering holes.

Pooraim Malware Capabilities:

  • Pooraim may collect system and hardware information, as well as details of running processes, in order to decide which systems to fully infect and which actions to take. This discovery may be automated, and the results are relayed over an existing, legitimate web service (AOL Instant Messenger), which the backdoor uses as its communication channel.
  • Pooraim may capture the desktop in screenshots to gather information over the course of an operation. It may also enumerate files and directories, or search specific locations on a host or network share for particular information within the file system. Finally, Pooraim is delivered when a user visits a compromised website in the normal course of browsing (a watering-hole attack).

Ways to Mitigate Pooraim Malware Attacks

  • Pooraim activity can be detected by analyzing network data for uncommon data flows and by monitoring user behavior for abnormal patterns of activity. Because the backdoor performs system and network discovery, watching for those discovery techniques can reveal potentially malicious activity on a host.
  • To counter the watering-hole delivery, firewalls and proxies can inspect URLs for known-bad domains or parameters, and reputation-based analytics can flag potentially malicious websites before a user reaches them.
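The network checks above, applied to a constructed proxy log, as an added example that is not part of the original article. It assumes AIM traffic is recognisable by its OSCAR port (TCP 5190), that no host in the organisation is approved to use AIM, and that a blocklist of watering-hole domains exists; the log format, hostnames and thresholds are all constructed placeholders.

```python
import re
from dataclasses import dataclass

# Constructed sample proxy log (not from the article); one flow per line:
# "<timestamp> <src_host> <dst_host> <dst_port> <bytes_out>"
SAMPLE_LOG = """\
2023-05-01T09:00:01 ws-101 intranet.example 443 1200
2023-05-01T09:00:05 ws-102 news.example 80 800
2023-05-01T09:01:10 ws-103 aim-gw.example 5190 540
2023-05-01T09:01:12 ws-103 aim-gw.example 5190 98000
2023-05-01T09:02:00 ws-104 watering-hole.example 80 650
2023-05-01T09:03:30 ws-101 intranet.example 443 900
"""

AIM_PORT = 5190                                 # TCP port used by the AIM OSCAR protocol
APPROVED_AIM_HOSTS = set()                      # assumption: no host is expected to use AIM
KNOWN_BAD_DOMAINS = {"watering-hole.example"}   # constructed blocklist placeholder
LARGE_OUTBOUND_BYTES = 50_000                   # assumed threshold for an uncommon outbound flow

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+) (\d+)$")

@dataclass(frozen=True)
class Finding:
    rule: str
    src_host: str
    dst_host: str

def parse_line(line):
    """Parse one log line into (timestamp, src, dst, port, bytes_out) or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst, port, out = m.groups()
    return ts, src, dst, int(port), int(out)

def detect(log_text):
    """Apply the three network checks to every flow and return the findings in log order."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue                            # skip malformed lines rather than crash
        _, src, dst, port, out = rec
        if dst in KNOWN_BAD_DOMAINS:            # watering-hole domain on the blocklist
            findings.append(Finding("known_bad_domain", src, dst))
        if port == AIM_PORT and src not in APPROVED_AIM_HOSTS:
            findings.append(Finding("unexpected_aim_channel", src, dst))
            if out >= LARGE_OUTBOUND_BYTES:     # bulky upload over the messaging channel
                findings.append(Finding("large_outbound_over_aim", src, dst))
    return findings

if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f"{f.rule}: {f.src_host} -> {f.dst_host}")
```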

Pooraim is a malware backdoor that APT37 has used since 2014 to infect Windows computers. It can collect system information and enumerate processes, take screenshots, and browse files. It is usually delivered through compromised websites.

Reactionary Times News Desk