SYMBOLCOMMON_NAMEaka. SYNONYMS
win.chisel (Back to overview)

Chisel

Chisel is an open-source project by Jaime Pillora (jpillora) that allows tunneling TCP and UDP connections via HTTP. It is available across platforms and written in Go. While benign in itself, Chisel has been utilized by multiple threat actors. It was for example observed by SentinelOne during a PYSA ransomware campaign to achieve persistence and used as backdoor.
Github: https://github.com/jpillora/chisel

References
2022-09-12Arctic WolfMarkus Neis, Ross Phillips, Steven Campbell, Teresa Whitmore, Alex Ammons, Arctic Wolf Labs Team
@online{neis:20220912:chiseling:58925b9, author = {Markus Neis and Ross Phillips and Steven Campbell and Teresa Whitmore and Alex Ammons and Arctic Wolf Labs Team}, title = {{Chiseling In: Lorenz Ransomware Group Cracks MiVoice And Calls Back For Free}}, date = {2022-09-12}, organization = {Arctic Wolf}, url = {https://arcticwolf.com/resources/blog/lorenz-ransomware-chiseling-in/}, language = {English}, urldate = {2022-09-15} } Chiseling In: Lorenz Ransomware Group Cracks MiVoice And Calls Back For Free
Chisel Lorenz
2022-04-18SentinelOneJames Haughom
@online{haughom:20220418:from:b73f12b, author = {James Haughom}, title = {{From the Front Lines | Peering into A PYSA Ransomware Attack}}, date = {2022-04-18}, organization = {SentinelOne}, url = {https://www.sentinelone.com/blog/from-the-front-lines-peering-into-a-pysa-ransomware-attack/}, language = {English}, urldate = {2022-04-20} } From the Front Lines | Peering into A PYSA Ransomware Attack
Chisel Chisel Cobalt Strike Mespinoza

There is no Yara-Signature yet.