Chisel is an open-source project by Jaime Pillora (jpillora) that allows tunneling TCP and UDP connections via HTTP. It is available across platforms and written in Go. While benign in itself, Chisel has been utilized by multiple threat actors. It was for example observed by SentinelOne during a PYSA ransomware campaign to achieve persistence and used as backdoor.
|2022-04-18 ⋅ SentinelOne ⋅ |
From the Front Lines | Peering into A PYSA Ransomware Attack
Chisel Chisel Cobalt Strike Mespinoza
There is no Yara-Signature yet.