Куда я попал?

SECURITM это SGRC система, автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.

Подробнее

OutSteel

OutSteel is a file uploader and document stealer developed with the scripting language AutoIT that has been used by Ember Bear since at least March 2021.(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 )

ID: S1017

Type: MALWARE

Platforms: Windows

Version: 1.0

Created: 09 Jun 2022

Last Modified: 09 Jun 2022

Domain	ID		Name	Use
Techniques Used
Enterprise	T1071	.001	Application Layer Protocol: Web Protocols	OutSteel has used HTTP for C2 communications.(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 )
Enterprise	T1059	.003	Command and Scripting Interpreter: Windows Command Shell	OutSteel has used `cmd.exe` to scan a compromised host for specific file extensions.(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 )
Enterprise	T1070	.004	Indicator Removal: File Deletion	OutSteel can delete itself following the successful execution of a follow-on payload.(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 )
Enterprise	T1566	.001	Phishing: Spearphishing Attachment	OutSteel has been distributed as a malicious attachment within a spearphishing email.(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 )
		.002	Phishing: Spearphishing Link	OutSteel has been distributed through malicious links contained within spearphishing emails.(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 )
Enterprise	T1204	.001	User Execution: Malicious Link	OutSteel has relied on a user to click a malicious link within a spearphishing email.(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 )
		.002	User Execution: Malicious File	OutSteel has relied on a user to execute a malicious attachment delivered via spearphishing.(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 )

ID	Name	References
Groups That Use This Software
G1003	Ember Bear	(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 )

References

Unit 42. (2022, February 25). Spear Phishing Attacks Target Organizations in Ukraine, Payloads Include the Document Stealer OutSteel and the Downloader SaintBot. Retrieved June 9, 2022.

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.

OutSteel

Techniques Used

Groups That Use This Software

References