CL-CRI-1089

Also known as: TamperedChef, EvilAI, TamperedChef variant
Reports: 3
First seen: May 20
Last seen: Jun 4
Motivation: financial, credential theft, adware distribution, p

Top ATT&CK techniques

T1547 Boot or Logon Autostart Execution ×3
T1566 Phishing ×3
T1204 User Execution ×3
T1041 Exfiltration Over C2 Channel ×3
T1071 Application Layer Protocol ×3
T1005 Data from Local System ×3
T1112 Modify Registry ×3
T1059 Command and Scripting Interpreter ×2
T1218 System Binary Proxy Execution ×1
T1003 OS Credential Dumping ×1
T1027 Obfuscated Files or Information ×1
T1185 Browser Session Hijacking ×1

Indicators

domain ×15
hash_sha256 ×11
filename ×2

Recent reports

This page shows data on a 7-day delay.