← Back to Actors
Saint Bear
Saint BearStorm-0587TA471UAC-0056Lorec53
[Saint Bear](https://attack.mitre.org/groups/G1031) is a Russian-nexus threat actor active since early 2021, primarily targeting entities in Ukraine and Georgia. The group is notable for a specific remote access tool, [Saint Bot](https://attack.mitre.org/software/S1018), and information stealer, [OutSteel](https://attack.mitre.org/software/S1017) in campaigns. [Saint Bear](https://attack.mitre.org/groups/G1031) typically relies on phishing or web staging of malicious documents and related file types for initial access, spoofing government or related entities.(Citation: Palo Alto Unit 42 OutSte...
20
Techniques
19
Covered
1
Gaps
95%
Coverage
Coverage19/20
GAPS (1)
COVERED (19)
T1027.002Software Packing1 det.T1027.013Encrypted/Encoded File8 det.T1059Command and Scripting Interpreter486 det.T1059.001PowerShell368 det.T1059.003Windows Command Shell82 det.T1059.007JavaScript61 det.T1112Modify Registry203 det.T1203Exploitation for Client Execution75 det.T1204.001Malicious Link10 det.T1204.002Malicious File425 det.T1497Virtualization/Sandbox Evasion12 det.T1553.002Code Signing3 det.T1562.001Disable or Modify Tools311 det.T1566.001Spearphishing Attachment905 det.T1583.006Web Services1 det.T1589.002Email Addresses2 det.T1608.001Upload Malware3 det.T1656Impersonation184 det.T1685Disable or Modify Tools278 det.