← Back to Actors
Saint Bear
Saint BearStorm-0587TA471UAC-0056Lorec53
[Saint Bear](https://attack.mitre.org/groups/G1031) is a Russian-nexus threat actor active since early 2021, primarily targeting entities in Ukraine and Georgia. The group is notable for a specific remote access tool, [Saint Bot](https://attack.mitre.org/software/S1018), and information stealer, [OutSteel](https://attack.mitre.org/software/S1017) in campaigns. [Saint Bear](https://attack.mitre.org/groups/G1031) typically relies on phishing or web staging of malicious documents and related file types for initial access, spoofing government or related entities.(Citation: Palo Alto Unit 42 OutSte...
18
Techniques
18
Covered
0
Gaps
100%
Coverage
Coverage18/18
COVERED (18)
T1027.002Software Packing1 det.T1027.013Encrypted/Encoded File7 det.T1059Command and Scripting Interpreter462 det.T1059.001PowerShell338 det.T1059.003Windows Command Shell79 det.T1059.007JavaScript58 det.T1112Modify Registry197 det.T1203Exploitation for Client Execution71 det.T1204.001Malicious Link9 det.T1204.002Malicious File397 det.T1497Virtualization/Sandbox Evasion12 det.T1553.002Code Signing3 det.T1562.001Disable or Modify Tools300 det.T1566.001Spearphishing Attachment850 det.T1583.006Web Services1 det.T1589.002Email Addresses2 det.T1608.001Upload Malware2 det.T1656Impersonation172 det.