Malware: StealBit

Description

[StealBit](https://attack.mitre.org/software/S1200) is a data exfiltration tool that is developed and maintained by the operators of the the LockBit Ransomware-as-a-Service (RaaS) and offered to affiliates to exfiltrate data from compromised systems for double extortion purposes.(Citation: Cybereason StealBit Exfiltration Tool)(Citation: FBI Lockbit 2.0 FEB 2022)

External References

• mitre-attack
• Cybereason StealBit Exfiltration Tool
• FBI Lockbit 2.0 FEB 2022

Techniques Used by This Malware

• T1005 — Data from Local System
• T1027.013 — Encrypted/Encoded File
• T1030 — Data Transfer Size Limits
• T1070.004 — File Deletion
• T1071.001 — Web Protocols
• T1082 — System Information Discovery
• T1083 — File and Directory Discovery
• T1095 — Non-Application Layer Protocol
• T1106 — Native API
• T1140 — Deobfuscate/Decode Files or Information
• T1480 — Execution Guardrails
• T1559 — Inter-Process Communication
• T1562.006 — Indicator Blocking
• T1614.001 — System Language Discovery
• T1622 — Debugger Evasion