CL-CRI-1089
Also known as TamperedChef, EvilAI, TamperedChef variant
Reports
3
First seen
May 20
Last seen
Jun 4
Motivation
financial, credential theft, adware distribution, p
Top ATT&CK techniques
T1547 Boot or Logon Autostart Execution ×3
T1566 Phishing ×3
T1204 User Execution ×3
T1041 Exfiltration Over C2 Channel ×3
T1071 Application Layer Protocol ×3
T1005 Data from Local System ×3
T1112 Modify Registry ×3
T1059 Command and Scripting Interpreter ×2
T1218 System Binary Proxy Execution ×1
T1003 OS Credential Dumping ×1
T1027 Obfuscated Files or Information ×1
T1185 Browser Session Hijacking ×1
Indicators
domain ×15
hash_sha256 ×11
filename ×2
Indicator values are available on Pro and via the API.