OutSteel

Malware Profile (updated 3 months ago)
OutSteel is a document stealer and file uploader written in the AutoIt scripting language. CERT-UA first highlighted it in January 2022, when it was used in spear-phishing attacks against government entities alongside another malware family, SaintBot. Malware of this kind typically enters a system through malicious downloads, emails, or websites without the user's awareness; once inside, it can steal personal information, disrupt operations, or hold data hostage for ransom.

OutSteel operates by downloading SaintBot and executing rmm.bat. Analysis of an attempted spear-phishing payload containing both the SaintBot downloader and the OutSteel document stealer suggests that the threat group's objective in that attack was to exfiltrate data from energy organizations. More broadly, the group's use of OutSteel points to a goal of collecting data from government organizations and companies involved with critical infrastructure. Users of the AutoFocus contextual threat intelligence service can view malware associated with these attacks under the SaintBot, SaintBot_Loader, and OutSteel tags.

Identifying and understanding these threats helps organizations defend against them. Because such malware is designed to be stealthy, robust security measures remain essential: regular system checks, secure browsing habits, and up-to-date anti-malware software.
Possible Aliases / Cluster overlaps
Tracking cluster overlaps and naming conventions across vendors is difficult, so the following are possible overlapping names or profiles that may also be worth reviewing.
ID | Votes | Profile Description
Miscellaneous Associations
Other contextual elements that may help in assessing relevance:
Malware
Phishing
Windows
Chrome
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
Nodaria | Unspecified | 1 | Nodaria (UAC-0056), a Russia-sponsored threat actor, has been active since at least March 2021, primarily targeting Ukraine but also known to have targeted entities in Kyrgyzstan and Georgia. Initially relatively unknown, Nodaria's activities escalated significantly following the Russian invasion of
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the OutSteel malware was drawn from the documents listed below (display limited to 20 results).
Source | Created At | Title
MITRE | a year ago | Spear Phishing Attacks Target Organizations in Ukraine, Payloads Include the Document Stealer OutSteel and the Downloader SaintBot
CERT-EU | a year ago | Russian Hackers Using Graphiron Malware to Steal Data from Ukraine