Malware: OutSteel

Description

[OutSteel](https://attack.mitre.org/software/S1017) is a file uploader and document stealer developed with the scripting language AutoIT that has been used by [Saint Bear](https://attack.mitre.org/groups/G1031) since at least March 2021.(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 )

External References

• mitre-attack
• Palo Alto Unit 42 OutSteel SaintBot February 2022

Techniques Used by This Malware

• T1005 — Data from Local System
• T1020 — Automated Exfiltration
• T1036.005 — Match Legitimate Resource Name or Location
• T1041 — Exfiltration Over C2 Channel
• T1057 — Process Discovery
• T1059.003 — Windows Command Shell
• T1059.010 — AutoHotKey & AutoIT
• T1070.004 — File Deletion
• T1071.001 — Web Protocols
• T1083 — File and Directory Discovery
• T1105 — Ingress Tool Transfer
• T1119 — Automated Collection
• T1204.001 — Malicious Link
• T1204.002 — Malicious File
• T1566.001 — Spearphishing Attachment
• T1566.002 — Spearphishing Link
• T1570 — Lateral Tool Transfer

APT Groups Using This Malware

• Saint Bear