Tracking TamperedChef Clusters via Certificate and Code Reuse
ID: 9115c56b-1134-527a-b86a-c082ce071746
STIX ID: report--9115c56b-1134-527a-b86a-c082ce071746
Feed Name: Palo Alto Networks Unit 42
Executive summary: This report documents 'TamperedChef'-style campaigns, in which trojanized productivity applications are distributed through malvertising and search ads. The installers are hosted on legitimate-looking sites and are code-signed to evade detection; once installed they remain dormant for weeks, then retrieve and execute second-stage payloads including information stealers, RATs and proxy tooling. Analysts mapped three activity clusters (CL-CRI-1089, CL-UNK-1090 and CL-UNK-1110) spanning thousands of samples and many code-signing entities, and the report provides detection guidance, mitigations and indicators of compromise.
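The clustering approach the title refers to, tracking related samples by reuse of code-signing certificates and of code artifacts, can be reproduced at small scale with a pivot graph. The following is an added example, not code or data from the Unit 42 report: every hash, signer name, certificate thumbprint and PDB path below is a constructed placeholder, and the field names are assumptions about what a sample-metadata export would carry. Samples are linked when they share a certificate thumbprint (same certificate), a signer subject (same signing entity, possibly across several certificates) or a build path (code reuse), and connected components become clusters.

```python
from collections import defaultdict

# Constructed sample metadata for this example. Hashes, signer names,
# thumbprints and PDB paths are hypothetical placeholders, not indicators
# from the report.
SAMPLES = [
    {"sha256": "hash-01", "signer": "Example Soft LLC", "thumbprint": "THUMB-A", "pdb": r"C:\build\app\Release\app.pdb"},
    {"sha256": "hash-02", "signer": "Example Soft LLC", "thumbprint": "THUMB-A", "pdb": r"C:\build\app\Release\app.pdb"},
    {"sha256": "hash-03", "signer": "Other Tools Ltd", "thumbprint": "THUMB-B", "pdb": r"C:\build\app\Release\app.pdb"},
    {"sha256": "hash-04", "signer": "Other Tools Ltd", "thumbprint": "THUMB-C", "pdb": r"D:\src\loader\loader.pdb"},
    {"sha256": "hash-05", "signer": "Unrelated Inc", "thumbprint": "THUMB-D", "pdb": r"E:\misc\unrelated.pdb"},
]

# Metadata fields used as pivots. A thumbprint identifies one certificate;
# a subject name only identifies a purported signer and can be reused by
# unrelated applicants, so it is the weakest of the three.
PIVOT_FIELDS = {
    "thumbprint": "same certificate",
    "signer": "same signing entity",
    "pdb": "same build path",
}


class DisjointSet:
    """Union-find over sample hashes."""

    def __init__(self, items):
        self.parent = {i: i for i in items}

    def find(self, x):
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def build_clusters(samples, fields=PIVOT_FIELDS):
    """Link samples sharing any pivot value and return (clusters, links).

    clusters: list of sorted hash lists, largest cluster first.
    links: (hash_a, hash_b, field, value) for each merge, so an analyst can
           see which pivot joined two previously separate groups.
    """
    ds = DisjointSet([s["sha256"] for s in samples])
    index = defaultdict(list)
    for s in samples:
        for field in fields:
            value = s.get(field)
            if value:
                index[(field, value)].append(s["sha256"])
    links = []
    for (field, value), hashes in index.items():
        first = hashes[0]
        for other in hashes[1:]:
            if ds.find(first) != ds.find(other):
                links.append((first, other, field, value))
            ds.union(first, other)
    groups = defaultdict(list)
    for s in samples:
        groups[ds.find(s["sha256"])].append(s["sha256"])
    clusters = sorted((sorted(g) for g in groups.values()), key=lambda g: (-len(g), g))
    return clusters, links


def cluster_certificates(samples, cluster):
    """Return the (signer, thumbprint) pairs seen inside one cluster."""
    members = set(cluster)
    return sorted({(s["signer"], s["thumbprint"]) for s in samples if s["sha256"] in members})


if __name__ == "__main__":
    clusters, links = build_clusters(SAMPLES)
    for n, cluster in enumerate(clusters, 1):
        print(f"cluster {n}: {', '.join(cluster)}")
        for signer, thumb in cluster_certificates(SAMPLES, cluster):
            print(f"  cert {thumb} issued to {signer!r}")
    for a, b, field, value in links:
        print(f"{a} <-> {b} via {PIVOT_FIELDS[field]} ({value})")
```

In the constructed data, hash-03 is signed by a different entity than hash-01 and hash-02 but shares their build path, and hash-04 shares only the signer subject with hash-03, so all four land in one cluster while hash-05 stays alone. Because signer subject names are the weakest link, a practitioner would normally review the recorded links before trusting a merge that rests on a subject name alone, and would treat a thumbprint match as the strongest evidence that two samples came from the same operator.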
