OutSteel is a document stealer and file uploader written in the AutoIT scripting language. It was first highlighted by CERT-UA in January 2022 for its use in spear-phishing attacks against government entities, alongside another malware family known as SaintBot. Malware of this kind typically enters a system through a malicious download, email attachment, or website, often without the user noticing, and once inside it can steal personal information, disrupt operations, or hold data hostage for ransom.
OutSteel operates by downloading SaintBot and executing rmm.bat. Analysis of an attempted spear-phishing payload that bundled the SaintBot downloader with the OutSteel document stealer suggests the threat group's objective in that attack was to exfiltrate data from energy organizations. More broadly, the group's use of OutSteel points to a goal of collecting data on government organizations and on companies involved with critical infrastructure.
Users of the AutoFocus contextual threat intelligence service can view malware associated with these attacks using the SaintBot, SaintBot_Loader, and OutSteel tags. Identifying and understanding these threats helps organizations protect themselves against similar attacks. Because such malware is designed to be stealthy, it remains essential to maintain robust security controls, including regular system checks, secure browsing habits, and up-to-date anti-malware software.
Description last updated: 2023-10-11T01:10:31.407Z