Reconnecting to live updates…

Cooking up trouble: How TamperedChef uses signed apps to deliver stealthy payloads

Severity: mediumType: campaign

TamperedChef is a sophisticated global malvertising and SEO-driven campaign that delivers malicious payloads via seemingly legitimate, digitally signed installers. It leverages social engineering, malvertising, and abused code-signing certificates obtained through U. S. -registered shell companies to evade detection and increase user trust. The campaign primarily targets healthcare, construction, and manufacturing sectors, establishing persistence and deploying obfuscated JavaScript for remote access and control. Attackers may use this access for credential theft, ransomware preparation, or espionage. Although currently concentrated in the Americas, European organizations in similar sectors are at risk due to the campaign's stealth and persistence techniques. Mitigation requires enhanced scrutiny of signed applications, network monitoring for unusual JavaScript execution, and strict controls on software installation sources. Countries with significant healthcare and manufacturing industries, such as Germany, France, and the UK, are most likely to be affected. Given the medium severity rating and the complexity of exploitation, the threat is assessed as high severity for European contexts due to potential impact and stealth.

AI Analysis

Technical Summary

TamperedChef is a global cyber campaign that uses malvertising and SEO tactics to distribute malicious installers masquerading as legitimate applications. These installers are digitally signed using certificates acquired and rotated through a network of U.S.-registered shell companies, which helps evade traditional security detection mechanisms that trust signed code. Once installed, the malware establishes persistence on the victim system and executes obfuscated JavaScript payloads that enable remote access and control. The campaign employs social engineering to lure victims into downloading these installers, leveraging malvertising and SEO to increase visibility and perceived legitimacy. The JavaScript payloads facilitate credential theft, remote control, and potentially prepare the environment for ransomware deployment or espionage activities. The campaign primarily targets healthcare, construction, and manufacturing sectors, which are critical infrastructure and business sectors with sensitive data and operational technology. Although the campaign is currently concentrated in the Americas, the techniques used and sectors targeted pose a significant risk to European organizations with similar profiles. The use of code-signing certificates from shell companies is a notable evasion technique, complicating detection and response. The campaign’s persistence mechanisms and obfuscated payloads increase the difficulty of forensic analysis and remediation. No known exploits are publicly reported, but the campaign’s sophistication and stealth indicate a well-resourced adversary. The threat is rated medium severity by the source, but the combination of persistence, credential theft, and potential ransomware preparation elevates its risk profile.

Potential Impact

For European organizations, particularly those in healthcare, manufacturing, and construction, TamperedChef poses a significant risk due to its ability to bypass traditional security controls via trusted code-signing certificates. Successful compromise can lead to persistent remote access, enabling attackers to steal sensitive credentials, disrupt operations, or deploy ransomware. This can result in data breaches, operational downtime, financial losses, and reputational damage. The stealthy nature of the campaign complicates detection, increasing the likelihood of prolonged undetected presence within networks. Given the critical nature of the targeted sectors, the impact could extend to patient safety in healthcare or supply chain disruptions in manufacturing and construction. Additionally, the use of obfuscated JavaScript payloads and social engineering increases the attack surface and potential for lateral movement within networks. European organizations may also face regulatory and compliance repercussions if breaches occur, particularly under GDPR. The campaign’s use of shell companies to obtain certificates suggests a persistent and adaptive adversary capable of evolving tactics, which may lead to sustained threats over time.

Mitigation Recommendations

1. Implement strict application whitelisting policies that verify not only the presence of code-signing certificates but also the reputation and origin of the certificates, including monitoring for certificates issued to suspicious or shell companies. 2. Enhance endpoint detection capabilities to identify obfuscated JavaScript execution and unusual persistence mechanisms, leveraging behavioral analytics and heuristic detection. 3. Conduct regular user awareness training focused on recognizing social engineering and malvertising tactics, emphasizing caution with installers even if digitally signed. 4. Employ network segmentation to limit lateral movement and restrict access to critical systems, especially in healthcare and manufacturing environments. 5. Monitor DNS and web traffic for SEO and malvertising indicators linked to the campaign, using threat intelligence feeds to update detection rules. 6. Enforce strict controls on software installation sources, including blocking downloads from untrusted or suspicious domains and using sandboxing for unknown installers. 7. Regularly audit and revoke any suspicious or unused code-signing certificates within the organization. 8. Maintain up-to-date endpoint and network security solutions capable of detecting persistence techniques such as scheduled tasks (T1053.005) and remote access tools. 9. Prepare incident response plans that include rapid containment and forensic analysis capabilities to address stealthy infections. 10. Collaborate with industry information sharing groups to stay informed about emerging indicators related to TamperedChef.

Affected Countries

Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden

Indicators of Compromise

url: http://download.playthesolitaire.com/d/Solitare.exe
url: https://download.classic8ball.com/d/classic8ball.exe
url: https://download.gocookmate.com/d/gocookmate.exe
hash: 01dbf572dd922646c07413cdc5fe4033
hash: 10bd14c9fc9e9f6025c839f8fa2adc04
hash: 140c9606e6241709cd3e32808adaf37a
hash: 1442475efec95ae1939fa09071603c39
hash: 176eb30040869fb57d26d514e02c63d2
hash: 185a909367272507e52d59ad35fd7d20
hash: 193c2f90459964d611073e5c99bbdb7f
hash: 1f5dda7f77943a5523e32f233639d05f
hash: 2103c97c65b941bc8ff3b0daa19aae19
hash: 22eb8728dc9aee6a245b7866808b04c3
hash: 232f197f90f57c58946137b977c063f3
hash: 2518a0b7b7ed90a2afd40a1bc18f9652
hash: 287de08218ea23f7e795da3caf525bb6
hash: 296690fcb018a76cbfd5c9a16123a575
hash: 2a4a866a73ce8e96547b2a18b572ef76
hash: 2c8508dcce097a55dcd90f97b076ad4d
hash: 3721f97ef3caaede98c3185b6c7976a3
hash: 45913a32740f343db1e8b1be1d713cfe
hash: 45e2df8ec79592f70e9ce3b15eebb1f0
hash: 488021d75bec7696601ed59c274da141
hash: 4bcd12a14a82a686bc794a79f4fea437
hash: 4ea2654e2c733e4037c20ca0e3e9a8b8
hash: 5276789f062e9c58fe0d0fd282f4c8be
hash: 58041d09789fd3e4efcb79081d21c9c4
hash: 602ddeff54cf393b745952eb2863c6d8
hash: 6231af76f9869a4dbaa63879181e1737
hash: 6693f0b8de381d85e6e79f5aa0a6439a
hash: 6804013a59dc5a4ce14c74babf72ea94
hash: 6d67c17cc52fc58b1a87f18476c2acfe
hash: 799e22bf5e1ddba13ebb7b657abbf515
hash: 7e1b25ccbbab57ea1f222cc0c2e87a8b
hash: 8374a22a26560f1d97ebcd30f88d5760
hash: 85e25a777e7b6b9b06d5114345b14352
hash: 8923b48dd6eb96010706d23c3cbe0e8a
hash: 895e24527b10897fbfdf661d26d15e70
hash: 8cbacfd815453f54782c1bdfe422914c
hash: 8d60d12791d3a15308f61c403a3a7902
hash: 90ac5156d701bbc7e0440276449b0a49
hash: 935941bbdc23adc6b4275cb0e58429f3
hash: 961f346deb28540daa0a2e2f42ded18c
hash: 9aec197c4ea538da391f04067c5c950a
hash: 9caeb82ce8ab736952e40cab08ba4994
hash: 9dfe1a0a220e22cbe0a53cf70f6eca01
hash: a9adc705fb0e2f0e6668038f3baa0003
hash: ac5b92d5cd1ef266d5fca3d02424f8ca
hash: b2692128faa0481ff94ed61c73f76a67
hash: b44d7fb078589ae671f1dcce97c790ef
hash: b91775695212ad5b363bd1b66e760314
hash: c35cb8e4ce9ae9e11509f241d40e99bf
hash: c7bca800054ed551223562f730d5511c
hash: c900877156d21f228d8dd555241e75f0
hash: cbf3833005e390fbb3e6445088c8e64f
hash: cfec0f1dc21eed72544ddc09c96f3472
hash: d4ac35914e8cc307c6e972214b3218c8
hash: dace6478266cc9e25166d9247fb10fb9
hash: e145b47680a8f1f9aa7a7c1cfeb0fd78
hash: e61b911d99949410adf9a403f6fca53d
hash: f48e58a8e3b846c7e4823228098073fe
hash: f6e7b560735df83efa3f10982af991fc
hash: f7dfa107eca428ea0cdd9fbb1a46b7b9
hash: f864aefc158694028f2efe295caaf6f5
hash: 01ede2327fcf1f9289af1491a11e0d182445649d
hash: 062958fff1e7369f0c96f09cbd46f1ae63d2885f
hash: 0c843c2d6a15bdae7152d11d15f6f3895d830ccd
hash: 0cda086c7c529a31bbfb59b698d2010eb440e48a
hash: 100211034eabbcfdbf810c4db696fcd9e0b98b0f
hash: 11a17f4a51da76a40a9bb57ec77aa10e6791ffa8
hash: 1549be69313a9be2a942f7914b107dd2c84a0c5e
hash: 18594a6047e4038a5b6f98e02c46a5d4b1b558b8
hash: 1ef153573b544bdd64246b2fba7f2dc1b3b51c18
hash: 21f55a2276429a2a7640a00567cb98f940388435
hash: 22887370ba325d204a210635461fff0cce5043c7
hash: 2bc0721c4255e15bcf3bc8ad7329f6e3a2fc0f93
hash: 2ccdaca93257eaa60325be0f5408a3f89e999cf8
hash: 3a8473e9a9b85865b79f099584055a51546e703b
hash: 3ca308d72500434918caca457870985eb3848c97
hash: 4071e3b7faa607f2bb64e7716987bc35a7787a11
hash: 41f10f35ff524d2f9f3751865bc07e84966be27d
hash: 435fe341b9abd6810243425de1ff978aef0edb25
hash: 4758b2ea41f2fa2d23559fd0b453cf0d9de4f24f
hash: 48f86916888d80c2aee306e5199ec35899ac3e06
hash: 5228e5f74507a56021fc73e1c37fd4f4baee59e3
hash: 533cbd6a73536a5f4bb776ac11af8b3d42b4d6c4
hash: 61ca26f402efc5f7ac717b6f4960706b20d644eb
hash: 623abe5af67aca2615592f6c602976ec3997a2b5
hash: 6922ea401def21f8ad31eefe38bc8440bae77d5d
hash: 6a9f1198951dc2d23cd79f317b57d1d86af4af89
hash: 6b02f631557673043d2e1487b853c4cabbe8b284
hash: 6f3949089e39ca679e28ffccfc564db0b9a0157d
hash: 72751048f397626483be71c6c856a059674f85ae
hash: 736eb11847fb4133f42e001684ab6603b8f16e6f
hash: 88b26a8e2377ed1f8d0c9de79a3c810032a5b66b
hash: 8a91094d4da47e2bdcd2136f1757c57bf4bbdbac
hash: 8ccfcab17059002c3837bfefb185db5fbb3f8155
hash: 9a395a8a85c5972cd0edf512e60da014dc9f6d10
hash: a5c87e3e38c023076a3376f4fbf98d2a66b06139
hash: a65e2e354343f07424bb669dbf09a552bdf397e1
hash: a834ef45162dcf4b24b9207788418c0a3c02aa16
hash: a8b2b235e756a0bb719b9f62ad487970ef630b13
hash: a92c0058cfd66916c3997cd44b326bf5e80b3200
hash: a93907e77340e4aadcc66e1afb9d342789f0cbd1
hash: adb99bb8bef982572347a924b7796b4fa3e72af2
hash: ae8f72a8f5663096a2e05493e21445bc414c3c07
hash: b0306b7f6446b0a6b14116b1d19fcf655a0fe39a
hash: b1d7709f66c3c5384b47c7b59de7ddf64d4afa32
hash: b966d657e72dcb301d6b95e6f4ce2a5035883930
hash: bfa1595e48a63c456a23309c9d596e82baf18645
hash: c2ab4557c88ea7f405a10c003951927683c9b463
hash: c32224ee93a7facb366aaa8398a912b79bc28502
hash: c85b4165110be30584bced87b1631ba5694bccd3
hash: cae036a4c216390aadae561f455b6c883b46c927
hash: cd080b96555523b09c41b026d4e323b35b1db206
hash: d421cff282e4f84cf0ecdd9de9355ca93cdf9491
hash: db33b2b39ad206a60a54a42912ba5737258d4b19
hash: dccff7f4e377ab928127cc61c1f29b14b7ccb335
hash: e5507e8a97d1585ae354cebfc79f8c2d1255d3ae
hash: e5f2490f450b785b3cd8a9c4005aaa212c23fea9
hash: ebdcf37e5bec0cdcb963729afb7df623941bb0c9
hash: f10743a6ecfcd8ed0c13e276154efb7c8aa79d8e
hash: f45fa2c31e20ea24541dea3f79f79c6843b6c9aa
hash: fca9e9d4a9b52c374f8a0c0f5956b485a75c6ad6
hash: ff650de517186b1602bad7344a9251e6e6d4dfe6
hash: 035e7dd115afc47704db586a61aa9c189cde7228e752e0491352930f20d97dcc
hash: 05d9f4426ad77fcf73a357a4f5ca1d0cf9ceccf44117c1bc829afb79a2f8671b
hash: 06555b8bf3bdf36bf36b4e6a4f5298da732207867c57961a1cb14a14f845e25f
hash: 073bd7acf920d7c90fc130213a43b46e5e082e86e1506309c5818df1b4df2a97
hash: 091d3bf2f0f6dc08b23151b5acd7cf53217d1ed2812e507d96dc467d9d3092d6
hash: 0abd1e39e17fa99366c8f1cc9171730867b6e86f6362b0492a090170f0305e55
hash: 0ad487d3bd904ade98b505bdd891d1a19665159b0e579696ac0b6a82e9f80617
hash: 0b90c3ef5bc8918c334638f2f11100a992fafbca7e16934652b70f3b2579131b
hash: 0bf92be9bb3989d78ce9f345df190a543eb984cc5479928399b4610d5d94c41f
hash: 113b23c062229aa57dfef68631f85f615e61673024b73cb9c0f5269b712610fa
hash: 14577f1a8d5ea9f5f255b456f0f69fe4e3a1cba82d707de28b3ca25410393c17
hash: 167359b715610003752cbc89b122a6df97e501304cb4a1ee94a6e75ebf51d6d6
hash: 16e9cf18961ed32613c69d5d4c0f54eb0f051e40a431121bc8fe6de9b3f64b01
hash: 1925e877ce6492a7d1293f3f6f4dcbc70ca3c74bbf42ae2ba80e1b5a2e0925d1
hash: 19d61d0a67207debfb21af2bf8774e010796e5d41f986848d63169c68cc7fa86
hash: 1a58c5b8b79f3ed90d43b4d117b01eb32e27b8235d9b3ceda4803a57e6250596
hash: 1d2027b35978be2a92f27203941f51d9352d56f3cf83f131f9824a7f0891a692
hash: 1e1cbfe91aa9be47480df265f6b5a0fed2f99116bcaa5e6e98689e3498616f84
hash: 1fc4819fcf2522622fd846bf4abcd03ae02adf41366b9911fe7bb30f2a4dc4b7
hash: 218a3a2e60779c4b4f1c83467f93d7b5c405b9acb799b4b2cdaacb7b26cd48a1
hash: 21b8c5dabbe910a4c1ada58534e01580eb600a1ab0b8f105e5f8609bdc7f6c42
hash: 2355ee5283fe7171d5d74302eb7f4e371e2e76c52eb3f07ff3a954a854ae8e4e
hash: 25575ffd50528952865b2b1df354461148474606c1adc68c0f140e3dcab10362
hash: 2cd68ea7f02e8cfaded52d64c2cb71b64560b3799c948960db37e827618ff22d
hash: 3075a2f60611fcfc763059f95f5577999d5bbc39dd33aa9b5b8bc8219c6f2ae4
hash: 30d21ea26917366654f606a8577b430cafe03654432cc97598fad30d16157e2c
hash: 315c2c6654cc4a29597ffc2c5694e38385e67b3f8b149960874a539836c5773d
hash: 335a7383867b0da0731968363956d6f31116460b1f9060d0e8c79ff735211733
hash: 33fb19d5d9c0ca8bea177722807560005c4c2a0533ce3356efdcefc6e93cebff
hash: 3466810f091a29be4380a634e3aa3f0bafef0b36041abf9ba90a72b4085433d3
hash: 3697f763980e594c83d708b43c410f753134e83baf33f822bba36133e0b1eafc
hash: 3731b729ffc4aaa42bacb56e0340e29d3b0cb5d14f287bc281ecb716eba0d8d1
hash: 3826e54318e80e8942bd9b8ab347f560d5dd9741276fec5a26d3eee862516767
hash: 3c34ec7e666c853465058b96421c018d93e532350547a90a6f68c7db5414a4b1
hash: 3c51ca74e721e5e177c5a8495131d7a65ea6733ea8e8875ba3e1ce0270a136b7
hash: 3cccbe2e524cb458ea48c108e36efabbf36c76cf30c80b64f52acf8b7b113de9
hash: 3cfd405d7e7f3d7af3d9be6387828fc14d6c24be6ea0651e18a8a63f1cd164cb
hash: 467876a203eb2c2b01b2d58f1e00271cb6bb75834af08a67e2c69fa0e4788ea5
hash: 483657b8b1f3b81540d05842331bc3a564f77f22017ee5abeeffc0e832efcf6f
hash: 4967262d1b136bb77be89a2e15c732a9edcc0377b6aaa88a6abecf5a4f8b9215
hash: 4d2bb8c9d995d52dd2ef763af7158bd8f7ff6a59c4004ea38ff0eef684c78381
hash: 512735bb19571707ab484cdfdb2cba74f5a8fdd9e415a8ea8ccf5c1f326f9a4e
hash: 51d876d638a6155572f8cbd42cdd8ae61c84b1816438bc53eb40534f7a92bb69
hash: 52d234e085c8bf67fa9d338cc5621f17d4ebe166f180896185e5f28c2655c811
hash: 5a0e37f70f9ce00ba40edfb4e6d11e87ea6bd0edecf6f604029ef98aa2bd33e9
hash: 5c8f276286c2b588fb15b72e8b20c051ae84ed26d93187eaea41b3ba8faa8954
hash: 6c0178a70759eadeb6f88a2c6bc4a217f1aba2ebdadd132610fe86d3994c2a66
hash: 6ea919c991b29ac78d80b9b6080c380a3e53813e1a2b0c3e576763a3ec22ef05
hash: 71273af47ee2792b68320054ebf44d2dfe4cbe7825c0aedc5a9b65abb5744851
hash: 7364b8cefd46a8ff918df679066fb8041b98a3e57a09f782ad6f8757fabf56cd
hash: 760663fd61c55f112186151721425857a485ec6a1db1b2cb8b41bba9ed40af1e
hash: 7fe170dc2ca9f333a177d7d2a5f6fee9e674164e7b46b2c2590c49be1aa9fe05
hash: 80f90b9e563e1cfe981a9faf24c9430198bb15916a2dc5e75d14227a8fab9cb6
hash: 822f5dcfe7350d259594d92128ba9fc2b7620aa33b571d8af8a87945d8909026
hash: 82c452855e3d41cb1a3396e8e1aed7e26812f127ef31c93a8f375e1acb458ff5
hash: 840b1e76961836f3af79bf4d0a68d426c764587173a8f308d3e6012393c6a9f8
hash: 8ecd3c8c126be7128bf654456d171284f03e4f212c27e1b33f875b8907a7bc65
hash: 8fb8d1df307f58db070eb5aa82a3ef3a41512d2aa73278d574ab32e55123488a
hash: 94dc4138bfabf6a3e7cefffc5f5062fe0ac31384bae4ad78f27557ddb29f6eae
hash: 94fbb9cc3af0d9ec25d415e35ec65491d6182e452265c854e125cfd94227a53d
hash: 9a77a653ed5c2ec0f9c00019ef6a5cf6153335fcb636c5e56edc3ccd7ad12cd2
hash: 9b21cb18aafa50339563af4ae211688846bcb030d43644e251da9d0bad2c9072
hash: 9b8bc1df9b891a166de9aefc58fe2ae04fb238f97aa90405617ff9e7501c99a8
hash: 9f5538afb90dfb0eac126808868a65403a09758b63e3688ef17df1de27782813
hash: 9f948215b9ee7e7496ce3bc9e46fda56b50cc8905b88535225c7651007f660d5
hash: 9fb1dc56a042e6eca786f3aaa7b21d148dfb8276f6cc2cdb867408b20117f547
hash: a0dae9b551026295575dcf4b1f668069b8fe8119458e792e8293299a74e79436
hash: a16cbf9ab535d4ad628b583ec3e026799f38bb50b98c495333302f7b804390ea
hash: a16ecfcf5e6d7742f0e642309c3a0bf84eaf21962e663ce728f44c93ee70a28e
hash: a5187cbb42b0e0dfb747c8fe86638dc68be9915ec112f7f6f72c8f3735489c76
hash: a67cd1ea41484edfca83f53c1f1c8d21717335e8cff2a00dce1c79ff5b48cb2a
hash: a7fbbb0393e36bc70b6eafb967a3b11a65c442090da1840364886b984784135c
hash: b850b218d5cc4cc9c1006399c26cc5ca3f9e2da3a70296fceb6760d1f0dcdf90
hash: b8ec6dca18acb873bf8bf55bc3614df0aaed333638d79fda075f03661d8a5662
hash: bcc9ebce78fdbb1271ff1a2e0def82ec87d6e964a18293e82ec0cdd12856e66b
hash: bdafb81fa5a41728d578b0682a6e7f9095250161558431184093acc3641573fa
hash: c0bab2e5718056617a4e6965ba8f8babf04adfb11602301223004e3b786bb779
hash: c391b1e00a8fcc120605a6e0c4e26c5ec9624b8e194460d34ae0d26efd147847
hash: c3a2a5b7d8e4bd8fb571a8104170d930647fa73babcfc414adcdef76fb1a57c4
hash: ca96040d8899196ff02592a4c01b595a191f4dd89d4d11be8703645019871d33
hash: cac499fe09d2640e376c6e6f45d5d287c75faf94d8ba26290016a815a8b4c5b4
hash: d1e85806e7013aa984356dbce28972f11be4860ab4152cd5510dff3388a89b45
hash: d2fbaa89cc5e4e03ecdf7ccfc28fd13230643bfb41a3619fbec64076a2b56a7c
hash: d70bc73a61252d5d9fde5593670fa790e4e9611838fd6c74f2b9cab97a5cea0f
hash: d792bc4896854d30b1ea4b2120ec39c4987b4d63802ee0775314f269f138e7f7
hash: d799cc1713932e9748ec9d293f831d150e1e345c0e58279cd7c3e49c35e667be
hash: d7f2a620429bf104f593ef789aaef0b25afa90b81b5d2285c54eac47dee52aac
hash: d8c2f9f843cb7764d138c5cb74a4a887eadcdfc5af0ab7df805af6f40fe27dc1
hash: d9a0d3f05ed8efd475f7b76ca3d4ad7d136b274979d2a0abb6ca26d1a2e98512
hash: db0d90d825db484a146ebc43408c8e722b676616c32d84684bc94ddc8b92e893
hash: db62ac71ac17a2f8e3d19b4f093ff1226d5de7fa323dd4564fb0dbb37ae8a364
hash: dd8502622eaa4e3798f4848cfe81c06ed0dffd7cb0a62c7ab6c7124d5b07bb04
hash: de101b0a881d69ab314e0863845e5f0e62c749eea87a704ecbb3bccb5c0bb1ac
hash: dfa5785c13a739fb2fae72f405984eef89dc7bf3dd94137692e96826113d51e0
hash: e18e59723949ad0a2791e95d4c0ffd7657929e8dc6a0d718598b3aec962f73c2
hash: e340e41da2779a714c2c0590955ade6dc35b3c9246bde5cca8e1cab1b937593c
hash: e498e98578ec27b680fff36768852fa00eea90e4f2de4cdae269a2d523624e36
hash: e7a1d74883e220d92ef024301850c1d56f95bb07fd72e82f4c644b940576d866
hash: e80291d2827a0abd4ed1c761eaf396f70fe91ce50bdef828e135a8e482af19c3
hash: ef4b57bad0d28a65333691e1c27787690d58516a79f9cf2fbe840d69401a1932
hash: ef9621f7fe04fd053e58af7d5863780defd1d2948c131d7df3f76bdb46932688
hash: f0532759ccaa0ea7f0ec8ec3225eb0e6d87cc3ddd1361967f4ea487bff4394bb
hash: f81b533757f4603f2eae935b8b9f466b2c2e3563f44bd40711afbf8980f45eb2
hash: fccf2c72054e9aa8e5a134854e573b23316a6622631f818695d9c0eb3ca3f1a7
url: http://download.playthecheckers.com/d/Checkers.exe
url: http://download.playthechess.com/d/MasterChess_oc.exe
url: http://download.playtheminesweeper.com/d/Minesweeper.exe
url: http://effortlesspdf.com/EffortlessPDF.exe
url: https://anyproductmanual.com/
url: https://download.allmanualsreader.com/AllManualsReader_oc.exe
url: https://download.anyproductmanual.com/anyproductmanual.exe
url: https://download.askbexxyhow.com/d/AskBexxyHow.exe
url: https://download.justaskjacky.com/d/justaskjacky.exe
url: https://download.manualreaderpro.com/d/manualreaderpro.exe
url: https://download.openmymanual.com/OpenMyManual.exe
url: https://download.playclassicfallingblocks.com/d/FallingCubes.exe
url: https://download.playclassicminesweeper.com/ClassicMinesweeper.exe
url: https://download.playclassicsnake.com/d/SnakeAxxack.exe
url: https://download.playclassicsudoku.com/ClassicSudoku_oc.exe
url: https://download.quickmanualreader.com/d/quickmanualreader.exe
url: https://download.startplayingcrossword.com/Crossword.exe
url: https://download.sudokufunspot.com/sudokufunspot.exe
url: https://download.themanualshelf.com/d/themanualshelf.exe
url: https://download.totalusermanuals.com/totalusermanuals.exe
url: https://get.usermanualsonline.com/viewmanual.exe
url: https://getallmanuals.com/GetAllManuals.exe
url: https://getmanualviewer.com/getmanualviewer.exe
url: https://rocketpdfpro.com/RocketPDFPro.exe
url: https://speedypdfhub.com/SpeedyPDFHub.exe
domain: anyproductmanual.com
domain: effortlesspdf.com
domain: getallmanuals.com
domain: getmanualviewer.com
domain: rocketpdfpro.com
domain: speedypdfhub.com
domain: api.00isgy77i9fqrn9rmu.com
domain: api.1f8tlqv4bfa75qaxl7.com
domain: api.1r2htpstv0jyv4gr3j.com
domain: api.42a2hudcuvftqlmit2.com
domain: api.78kwijczjz0mcig0f0.com
domain: api.7trellca1rt257t2wa.com
domain: api.85etpt40zf7ht4yd1u.com
domain: api.ana43c4ajq1o10642i.com
domain: api.bftdtfky0i2gewg6ki.com
domain: api.cjby76nlcynrc4jvrb.com
domain: api.d1iwuj0s7os571e3a4.com
domain: api.e8b7xa22r6pevc1lmu.com
domain: api.h06bwr0wg9iyy8ygl0.com
domain: api.ka4f064txqusqf1ecb.com
domain: api.kdtskq5kw4cwqvauxy.com
domain: api.meg7xqos0m7h9urhr0.com
domain: api.mixpnl.com
domain: api.mxpanel.com
domain: api.npfk87zidodfqsfqxd.com
domain: api.opfktvbbb0d5pphzlc.com
domain: api.phpjzo16ok6qvpvcrz.com
domain: api.pyej17uw09d1bqlndg.com
domain: api.rmr6qd1zy9hyafyzk2.com
domain: api.rxpfo7bgftr5gjq99u.com
domain: api.sey3p6htm1ays1iy54.com
domain: api.slkzkcpz5xf8nplyb6.com
domain: api.uode7wkkvojxsfpom0.com
domain: api.vgp4filwmg5ogq58xy.com
domain: api.vtqgo0729ilnmyxs9q.com
domain: api.zxg4jy1ssoynji24po.com
domain: download.allmanualsreader.com
domain: download.anyproductmanual.com
domain: download.askbexxyhow.com
domain: download.classic8ball.com
domain: download.gocookmate.com
domain: download.justaskjacky.com
domain: download.manualreaderpro.com
domain: download.openmymanual.com
domain: download.playclassicfallingblocks.com
domain: download.playclassicminesweeper.com
domain: download.playclassicsnake.com
domain: download.playclassicsudoku.com
domain: download.playthecheckers.com
domain: download.playthechess.com
domain: download.playtheminesweeper.com
domain: download.playthesolitaire.com
domain: download.quickmanualreader.com
domain: download.startplayingcrossword.com
domain: download.sudokufunspot.com
domain: download.themanualshelf.com
domain: download.totalusermanuals.com
domain: get.latest-manuals.com
domain: get.usermanualsonline.com

Cooking up trouble: How TamperedChef uses signed apps to deliver stealthy payloads

Severity: medium

Type: campaign

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden

Indicators of Compromise

url: http://download.playthesolitaire.com/d/Solitare.exe
url: https://download.classic8ball.com/d/classic8ball.exe
url: https://download.gocookmate.com/d/gocookmate.exe
hash: 01dbf572dd922646c07413cdc5fe4033
hash: 10bd14c9fc9e9f6025c839f8fa2adc04
hash: 140c9606e6241709cd3e32808adaf37a
hash: 1442475efec95ae1939fa09071603c39
hash: 176eb30040869fb57d26d514e02c63d2
hash: 185a909367272507e52d59ad35fd7d20
hash: 193c2f90459964d611073e5c99bbdb7f
hash: 1f5dda7f77943a5523e32f233639d05f
hash: 2103c97c65b941bc8ff3b0daa19aae19
hash: 22eb8728dc9aee6a245b7866808b04c3
hash: 232f197f90f57c58946137b977c063f3
hash: 2518a0b7b7ed90a2afd40a1bc18f9652
hash: 287de08218ea23f7e795da3caf525bb6
hash: 296690fcb018a76cbfd5c9a16123a575
hash: 2a4a866a73ce8e96547b2a18b572ef76
hash: 2c8508dcce097a55dcd90f97b076ad4d
hash: 3721f97ef3caaede98c3185b6c7976a3
hash: 45913a32740f343db1e8b1be1d713cfe
hash: 45e2df8ec79592f70e9ce3b15eebb1f0
hash: 488021d75bec7696601ed59c274da141
hash: 4bcd12a14a82a686bc794a79f4fea437
hash: 4ea2654e2c733e4037c20ca0e3e9a8b8
hash: 5276789f062e9c58fe0d0fd282f4c8be
hash: 58041d09789fd3e4efcb79081d21c9c4
hash: 602ddeff54cf393b745952eb2863c6d8
hash: 6231af76f9869a4dbaa63879181e1737
hash: 6693f0b8de381d85e6e79f5aa0a6439a
hash: 6804013a59dc5a4ce14c74babf72ea94
hash: 6d67c17cc52fc58b1a87f18476c2acfe
hash: 799e22bf5e1ddba13ebb7b657abbf515
hash: 7e1b25ccbbab57ea1f222cc0c2e87a8b
hash: 8374a22a26560f1d97ebcd30f88d5760
hash: 85e25a777e7b6b9b06d5114345b14352
hash: 8923b48dd6eb96010706d23c3cbe0e8a
hash: 895e24527b10897fbfdf661d26d15e70
hash: 8cbacfd815453f54782c1bdfe422914c
hash: 8d60d12791d3a15308f61c403a3a7902
hash: 90ac5156d701bbc7e0440276449b0a49
hash: 935941bbdc23adc6b4275cb0e58429f3
hash: 961f346deb28540daa0a2e2f42ded18c
hash: 9aec197c4ea538da391f04067c5c950a
hash: 9caeb82ce8ab736952e40cab08ba4994
hash: 9dfe1a0a220e22cbe0a53cf70f6eca01
hash: a9adc705fb0e2f0e6668038f3baa0003
hash: ac5b92d5cd1ef266d5fca3d02424f8ca
hash: b2692128faa0481ff94ed61c73f76a67
hash: b44d7fb078589ae671f1dcce97c790ef
hash: b91775695212ad5b363bd1b66e760314
hash: c35cb8e4ce9ae9e11509f241d40e99bf
hash: c7bca800054ed551223562f730d5511c
hash: c900877156d21f228d8dd555241e75f0
hash: cbf3833005e390fbb3e6445088c8e64f
hash: cfec0f1dc21eed72544ddc09c96f3472
hash: d4ac35914e8cc307c6e972214b3218c8
hash: dace6478266cc9e25166d9247fb10fb9
hash: e145b47680a8f1f9aa7a7c1cfeb0fd78
hash: e61b911d99949410adf9a403f6fca53d
hash: f48e58a8e3b846c7e4823228098073fe
hash: f6e7b560735df83efa3f10982af991fc
hash: f7dfa107eca428ea0cdd9fbb1a46b7b9
hash: f864aefc158694028f2efe295caaf6f5
hash: 01ede2327fcf1f9289af1491a11e0d182445649d
hash: 062958fff1e7369f0c96f09cbd46f1ae63d2885f
hash: 0c843c2d6a15bdae7152d11d15f6f3895d830ccd
hash: 0cda086c7c529a31bbfb59b698d2010eb440e48a
hash: 100211034eabbcfdbf810c4db696fcd9e0b98b0f
hash: 11a17f4a51da76a40a9bb57ec77aa10e6791ffa8
hash: 1549be69313a9be2a942f7914b107dd2c84a0c5e
hash: 18594a6047e4038a5b6f98e02c46a5d4b1b558b8
hash: 1ef153573b544bdd64246b2fba7f2dc1b3b51c18
hash: 21f55a2276429a2a7640a00567cb98f940388435
hash: 22887370ba325d204a210635461fff0cce5043c7
hash: 2bc0721c4255e15bcf3bc8ad7329f6e3a2fc0f93
hash: 2ccdaca93257eaa60325be0f5408a3f89e999cf8
hash: 3a8473e9a9b85865b79f099584055a51546e703b
hash: 3ca308d72500434918caca457870985eb3848c97
hash: 4071e3b7faa607f2bb64e7716987bc35a7787a11
hash: 41f10f35ff524d2f9f3751865bc07e84966be27d
hash: 435fe341b9abd6810243425de1ff978aef0edb25
hash: 4758b2ea41f2fa2d23559fd0b453cf0d9de4f24f
hash: 48f86916888d80c2aee306e5199ec35899ac3e06
hash: 5228e5f74507a56021fc73e1c37fd4f4baee59e3
hash: 533cbd6a73536a5f4bb776ac11af8b3d42b4d6c4
hash: 61ca26f402efc5f7ac717b6f4960706b20d644eb
hash: 623abe5af67aca2615592f6c602976ec3997a2b5
hash: 6922ea401def21f8ad31eefe38bc8440bae77d5d
hash: 6a9f1198951dc2d23cd79f317b57d1d86af4af89
hash: 6b02f631557673043d2e1487b853c4cabbe8b284
hash: 6f3949089e39ca679e28ffccfc564db0b9a0157d
hash: 72751048f397626483be71c6c856a059674f85ae
hash: 736eb11847fb4133f42e001684ab6603b8f16e6f
hash: 88b26a8e2377ed1f8d0c9de79a3c810032a5b66b
hash: 8a91094d4da47e2bdcd2136f1757c57bf4bbdbac
hash: 8ccfcab17059002c3837bfefb185db5fbb3f8155
hash: 9a395a8a85c5972cd0edf512e60da014dc9f6d10
hash: a5c87e3e38c023076a3376f4fbf98d2a66b06139
hash: a65e2e354343f07424bb669dbf09a552bdf397e1
hash: a834ef45162dcf4b24b9207788418c0a3c02aa16
hash: a8b2b235e756a0bb719b9f62ad487970ef630b13
hash: a92c0058cfd66916c3997cd44b326bf5e80b3200
hash: a93907e77340e4aadcc66e1afb9d342789f0cbd1
hash: adb99bb8bef982572347a924b7796b4fa3e72af2
hash: ae8f72a8f5663096a2e05493e21445bc414c3c07
hash: b0306b7f6446b0a6b14116b1d19fcf655a0fe39a
hash: b1d7709f66c3c5384b47c7b59de7ddf64d4afa32
hash: b966d657e72dcb301d6b95e6f4ce2a5035883930
hash: bfa1595e48a63c456a23309c9d596e82baf18645
hash: c2ab4557c88ea7f405a10c003951927683c9b463
hash: c32224ee93a7facb366aaa8398a912b79bc28502
hash: c85b4165110be30584bced87b1631ba5694bccd3
hash: cae036a4c216390aadae561f455b6c883b46c927
hash: cd080b96555523b09c41b026d4e323b35b1db206
hash: d421cff282e4f84cf0ecdd9de9355ca93cdf9491
hash: db33b2b39ad206a60a54a42912ba5737258d4b19
hash: dccff7f4e377ab928127cc61c1f29b14b7ccb335
hash: e5507e8a97d1585ae354cebfc79f8c2d1255d3ae
hash: e5f2490f450b785b3cd8a9c4005aaa212c23fea9
hash: ebdcf37e5bec0cdcb963729afb7df623941bb0c9
hash: f10743a6ecfcd8ed0c13e276154efb7c8aa79d8e
hash: f45fa2c31e20ea24541dea3f79f79c6843b6c9aa
hash: fca9e9d4a9b52c374f8a0c0f5956b485a75c6ad6
hash: ff650de517186b1602bad7344a9251e6e6d4dfe6
hash: 035e7dd115afc47704db586a61aa9c189cde7228e752e0491352930f20d97dcc
hash: 05d9f4426ad77fcf73a357a4f5ca1d0cf9ceccf44117c1bc829afb79a2f8671b
hash: 06555b8bf3bdf36bf36b4e6a4f5298da732207867c57961a1cb14a14f845e25f
hash: 073bd7acf920d7c90fc130213a43b46e5e082e86e1506309c5818df1b4df2a97
hash: 091d3bf2f0f6dc08b23151b5acd7cf53217d1ed2812e507d96dc467d9d3092d6
hash: 0abd1e39e17fa99366c8f1cc9171730867b6e86f6362b0492a090170f0305e55
hash: 0ad487d3bd904ade98b505bdd891d1a19665159b0e579696ac0b6a82e9f80617
hash: 0b90c3ef5bc8918c334638f2f11100a992fafbca7e16934652b70f3b2579131b
hash: 0bf92be9bb3989d78ce9f345df190a543eb984cc5479928399b4610d5d94c41f
hash: 113b23c062229aa57dfef68631f85f615e61673024b73cb9c0f5269b712610fa
hash: 14577f1a8d5ea9f5f255b456f0f69fe4e3a1cba82d707de28b3ca25410393c17
hash: 167359b715610003752cbc89b122a6df97e501304cb4a1ee94a6e75ebf51d6d6
hash: 16e9cf18961ed32613c69d5d4c0f54eb0f051e40a431121bc8fe6de9b3f64b01
hash: 1925e877ce6492a7d1293f3f6f4dcbc70ca3c74bbf42ae2ba80e1b5a2e0925d1
hash: 19d61d0a67207debfb21af2bf8774e010796e5d41f986848d63169c68cc7fa86
hash: 1a58c5b8b79f3ed90d43b4d117b01eb32e27b8235d9b3ceda4803a57e6250596
hash: 1d2027b35978be2a92f27203941f51d9352d56f3cf83f131f9824a7f0891a692
hash: 1e1cbfe91aa9be47480df265f6b5a0fed2f99116bcaa5e6e98689e3498616f84
hash: 1fc4819fcf2522622fd846bf4abcd03ae02adf41366b9911fe7bb30f2a4dc4b7
hash: 218a3a2e60779c4b4f1c83467f93d7b5c405b9acb799b4b2cdaacb7b26cd48a1
hash: 21b8c5dabbe910a4c1ada58534e01580eb600a1ab0b8f105e5f8609bdc7f6c42
hash: 2355ee5283fe7171d5d74302eb7f4e371e2e76c52eb3f07ff3a954a854ae8e4e
hash: 25575ffd50528952865b2b1df354461148474606c1adc68c0f140e3dcab10362
hash: 2cd68ea7f02e8cfaded52d64c2cb71b64560b3799c948960db37e827618ff22d
hash: 3075a2f60611fcfc763059f95f5577999d5bbc39dd33aa9b5b8bc8219c6f2ae4
hash: 30d21ea26917366654f606a8577b430cafe03654432cc97598fad30d16157e2c
hash: 315c2c6654cc4a29597ffc2c5694e38385e67b3f8b149960874a539836c5773d
hash: 335a7383867b0da0731968363956d6f31116460b1f9060d0e8c79ff735211733
hash: 33fb19d5d9c0ca8bea177722807560005c4c2a0533ce3356efdcefc6e93cebff
hash: 3466810f091a29be4380a634e3aa3f0bafef0b36041abf9ba90a72b4085433d3
hash: 3697f763980e594c83d708b43c410f753134e83baf33f822bba36133e0b1eafc
hash: 3731b729ffc4aaa42bacb56e0340e29d3b0cb5d14f287bc281ecb716eba0d8d1
hash: 3826e54318e80e8942bd9b8ab347f560d5dd9741276fec5a26d3eee862516767
hash: 3c34ec7e666c853465058b96421c018d93e532350547a90a6f68c7db5414a4b1
hash: 3c51ca74e721e5e177c5a8495131d7a65ea6733ea8e8875ba3e1ce0270a136b7
hash: 3cccbe2e524cb458ea48c108e36efabbf36c76cf30c80b64f52acf8b7b113de9
hash: 3cfd405d7e7f3d7af3d9be6387828fc14d6c24be6ea0651e18a8a63f1cd164cb
hash: 467876a203eb2c2b01b2d58f1e00271cb6bb75834af08a67e2c69fa0e4788ea5
hash: 483657b8b1f3b81540d05842331bc3a564f77f22017ee5abeeffc0e832efcf6f
hash: 4967262d1b136bb77be89a2e15c732a9edcc0377b6aaa88a6abecf5a4f8b9215
hash: 4d2bb8c9d995d52dd2ef763af7158bd8f7ff6a59c4004ea38ff0eef684c78381
hash: 512735bb19571707ab484cdfdb2cba74f5a8fdd9e415a8ea8ccf5c1f326f9a4e
hash: 51d876d638a6155572f8cbd42cdd8ae61c84b1816438bc53eb40534f7a92bb69
hash: 52d234e085c8bf67fa9d338cc5621f17d4ebe166f180896185e5f28c2655c811
hash: 5a0e37f70f9ce00ba40edfb4e6d11e87ea6bd0edecf6f604029ef98aa2bd33e9
hash: 5c8f276286c2b588fb15b72e8b20c051ae84ed26d93187eaea41b3ba8faa8954
hash: 6c0178a70759eadeb6f88a2c6bc4a217f1aba2ebdadd132610fe86d3994c2a66
hash: 6ea919c991b29ac78d80b9b6080c380a3e53813e1a2b0c3e576763a3ec22ef05
hash: 71273af47ee2792b68320054ebf44d2dfe4cbe7825c0aedc5a9b65abb5744851
hash: 7364b8cefd46a8ff918df679066fb8041b98a3e57a09f782ad6f8757fabf56cd
hash: 760663fd61c55f112186151721425857a485ec6a1db1b2cb8b41bba9ed40af1e
hash: 7fe170dc2ca9f333a177d7d2a5f6fee9e674164e7b46b2c2590c49be1aa9fe05
hash: 80f90b9e563e1cfe981a9faf24c9430198bb15916a2dc5e75d14227a8fab9cb6
hash: 822f5dcfe7350d259594d92128ba9fc2b7620aa33b571d8af8a87945d8909026
hash: 82c452855e3d41cb1a3396e8e1aed7e26812f127ef31c93a8f375e1acb458ff5
hash: 840b1e76961836f3af79bf4d0a68d426c764587173a8f308d3e6012393c6a9f8
hash: 8ecd3c8c126be7128bf654456d171284f03e4f212c27e1b33f875b8907a7bc65
hash: 8fb8d1df307f58db070eb5aa82a3ef3a41512d2aa73278d574ab32e55123488a
hash: 94dc4138bfabf6a3e7cefffc5f5062fe0ac31384bae4ad78f27557ddb29f6eae
hash: 94fbb9cc3af0d9ec25d415e35ec65491d6182e452265c854e125cfd94227a53d
hash: 9a77a653ed5c2ec0f9c00019ef6a5cf6153335fcb636c5e56edc3ccd7ad12cd2
hash: 9b21cb18aafa50339563af4ae211688846bcb030d43644e251da9d0bad2c9072
hash: 9b8bc1df9b891a166de9aefc58fe2ae04fb238f97aa90405617ff9e7501c99a8
hash: 9f5538afb90dfb0eac126808868a65403a09758b63e3688ef17df1de27782813
hash: 9f948215b9ee7e7496ce3bc9e46fda56b50cc8905b88535225c7651007f660d5
hash: 9fb1dc56a042e6eca786f3aaa7b21d148dfb8276f6cc2cdb867408b20117f547
hash: a0dae9b551026295575dcf4b1f668069b8fe8119458e792e8293299a74e79436
hash: a16cbf9ab535d4ad628b583ec3e026799f38bb50b98c495333302f7b804390ea
hash: a16ecfcf5e6d7742f0e642309c3a0bf84eaf21962e663ce728f44c93ee70a28e
hash: a5187cbb42b0e0dfb747c8fe86638dc68be9915ec112f7f6f72c8f3735489c76
hash: a67cd1ea41484edfca83f53c1f1c8d21717335e8cff2a00dce1c79ff5b48cb2a
hash: a7fbbb0393e36bc70b6eafb967a3b11a65c442090da1840364886b984784135c
hash: b850b218d5cc4cc9c1006399c26cc5ca3f9e2da3a70296fceb6760d1f0dcdf90
hash: b8ec6dca18acb873bf8bf55bc3614df0aaed333638d79fda075f03661d8a5662
hash: bcc9ebce78fdbb1271ff1a2e0def82ec87d6e964a18293e82ec0cdd12856e66b
hash: bdafb81fa5a41728d578b0682a6e7f9095250161558431184093acc3641573fa
hash: c0bab2e5718056617a4e6965ba8f8babf04adfb11602301223004e3b786bb779
hash: c391b1e00a8fcc120605a6e0c4e26c5ec9624b8e194460d34ae0d26efd147847
hash: c3a2a5b7d8e4bd8fb571a8104170d930647fa73babcfc414adcdef76fb1a57c4
hash: ca96040d8899196ff02592a4c01b595a191f4dd89d4d11be8703645019871d33
hash: cac499fe09d2640e376c6e6f45d5d287c75faf94d8ba26290016a815a8b4c5b4
hash: d1e85806e7013aa984356dbce28972f11be4860ab4152cd5510dff3388a89b45
hash: d2fbaa89cc5e4e03ecdf7ccfc28fd13230643bfb41a3619fbec64076a2b56a7c
hash: d70bc73a61252d5d9fde5593670fa790e4e9611838fd6c74f2b9cab97a5cea0f
hash: d792bc4896854d30b1ea4b2120ec39c4987b4d63802ee0775314f269f138e7f7
hash: d799cc1713932e9748ec9d293f831d150e1e345c0e58279cd7c3e49c35e667be
hash: d7f2a620429bf104f593ef789aaef0b25afa90b81b5d2285c54eac47dee52aac
hash: d8c2f9f843cb7764d138c5cb74a4a887eadcdfc5af0ab7df805af6f40fe27dc1
hash: d9a0d3f05ed8efd475f7b76ca3d4ad7d136b274979d2a0abb6ca26d1a2e98512
hash: db0d90d825db484a146ebc43408c8e722b676616c32d84684bc94ddc8b92e893
hash: db62ac71ac17a2f8e3d19b4f093ff1226d5de7fa323dd4564fb0dbb37ae8a364
hash: dd8502622eaa4e3798f4848cfe81c06ed0dffd7cb0a62c7ab6c7124d5b07bb04
hash: de101b0a881d69ab314e0863845e5f0e62c749eea87a704ecbb3bccb5c0bb1ac
hash: dfa5785c13a739fb2fae72f405984eef89dc7bf3dd94137692e96826113d51e0
hash: e18e59723949ad0a2791e95d4c0ffd7657929e8dc6a0d718598b3aec962f73c2
hash: e340e41da2779a714c2c0590955ade6dc35b3c9246bde5cca8e1cab1b937593c
hash: e498e98578ec27b680fff36768852fa00eea90e4f2de4cdae269a2d523624e36
hash: e7a1d74883e220d92ef024301850c1d56f95bb07fd72e82f4c644b940576d866
hash: e80291d2827a0abd4ed1c761eaf396f70fe91ce50bdef828e135a8e482af19c3
hash: ef4b57bad0d28a65333691e1c27787690d58516a79f9cf2fbe840d69401a1932
hash: ef9621f7fe04fd053e58af7d5863780defd1d2948c131d7df3f76bdb46932688
hash: f0532759ccaa0ea7f0ec8ec3225eb0e6d87cc3ddd1361967f4ea487bff4394bb
hash: f81b533757f4603f2eae935b8b9f466b2c2e3563f44bd40711afbf8980f45eb2
hash: fccf2c72054e9aa8e5a134854e573b23316a6622631f818695d9c0eb3ca3f1a7
url: http://download.playthecheckers.com/d/Checkers.exe
url: http://download.playthechess.com/d/MasterChess_oc.exe
url: http://download.playtheminesweeper.com/d/Minesweeper.exe
url: http://effortlesspdf.com/EffortlessPDF.exe
url: https://anyproductmanual.com/
url: https://download.allmanualsreader.com/AllManualsReader_oc.exe
url: https://download.anyproductmanual.com/anyproductmanual.exe
url: https://download.askbexxyhow.com/d/AskBexxyHow.exe
url: https://download.justaskjacky.com/d/justaskjacky.exe
url: https://download.manualreaderpro.com/d/manualreaderpro.exe
url: https://download.openmymanual.com/OpenMyManual.exe
url: https://download.playclassicfallingblocks.com/d/FallingCubes.exe
url: https://download.playclassicminesweeper.com/ClassicMinesweeper.exe
url: https://download.playclassicsnake.com/d/SnakeAxxack.exe
url: https://download.playclassicsudoku.com/ClassicSudoku_oc.exe
url: https://download.quickmanualreader.com/d/quickmanualreader.exe
url: https://download.startplayingcrossword.com/Crossword.exe
url: https://download.sudokufunspot.com/sudokufunspot.exe
url: https://download.themanualshelf.com/d/themanualshelf.exe
url: https://download.totalusermanuals.com/totalusermanuals.exe
url: https://get.usermanualsonline.com/viewmanual.exe
url: https://getallmanuals.com/GetAllManuals.exe
url: https://getmanualviewer.com/getmanualviewer.exe
url: https://rocketpdfpro.com/RocketPDFPro.exe
url: https://speedypdfhub.com/SpeedyPDFHub.exe
domain: anyproductmanual.com
domain: effortlesspdf.com
domain: getallmanuals.com
domain: getmanualviewer.com
domain: rocketpdfpro.com
domain: speedypdfhub.com
domain: api.00isgy77i9fqrn9rmu.com
domain: api.1f8tlqv4bfa75qaxl7.com
domain: api.1r2htpstv0jyv4gr3j.com
domain: api.42a2hudcuvftqlmit2.com
domain: api.78kwijczjz0mcig0f0.com
domain: api.7trellca1rt257t2wa.com
domain: api.85etpt40zf7ht4yd1u.com
domain: api.ana43c4ajq1o10642i.com
domain: api.bftdtfky0i2gewg6ki.com
domain: api.cjby76nlcynrc4jvrb.com
domain: api.d1iwuj0s7os571e3a4.com
domain: api.e8b7xa22r6pevc1lmu.com
domain: api.h06bwr0wg9iyy8ygl0.com
domain: api.ka4f064txqusqf1ecb.com
domain: api.kdtskq5kw4cwqvauxy.com
domain: api.meg7xqos0m7h9urhr0.com
domain: api.mixpnl.com
domain: api.mxpanel.com
domain: api.npfk87zidodfqsfqxd.com
domain: api.opfktvbbb0d5pphzlc.com
domain: api.phpjzo16ok6qvpvcrz.com
domain: api.pyej17uw09d1bqlndg.com
domain: api.rmr6qd1zy9hyafyzk2.com
domain: api.rxpfo7bgftr5gjq99u.com
domain: api.sey3p6htm1ays1iy54.com
domain: api.slkzkcpz5xf8nplyb6.com
domain: api.uode7wkkvojxsfpom0.com
domain: api.vgp4filwmg5ogq58xy.com
domain: api.vtqgo0729ilnmyxs9q.com
domain: api.zxg4jy1ssoynji24po.com
domain: download.allmanualsreader.com
domain: download.anyproductmanual.com
domain: download.askbexxyhow.com
domain: download.classic8ball.com
domain: download.gocookmate.com
domain: download.justaskjacky.com
domain: download.manualreaderpro.com
domain: download.openmymanual.com
domain: download.playclassicfallingblocks.com
domain: download.playclassicminesweeper.com
domain: download.playclassicsnake.com
domain: download.playclassicsudoku.com
domain: download.playthecheckers.com
domain: download.playthechess.com
domain: download.playtheminesweeper.com
domain: download.playthesolitaire.com
domain: download.quickmanualreader.com
domain: download.startplayingcrossword.com
domain: download.sudokufunspot.com
domain: download.themanualshelf.com
domain: download.totalusermanuals.com
domain: get.latest-manuals.com
domain: get.usermanualsonline.com

Source: AlienVault OTX General

Published: Thu Nov 20 2025

Cooking up trouble: How TamperedChef uses signed apps to deliver stealthy payloads

Medium

Campaignmalvertising javascript persistence shell companies code-signing seo remote access social engineering t1053.005 t1132.001 t1059.007 t1204.002 t1027 t1036.001 t1012 t1189 t1071.001

Published: Thu Nov 20 2025 (11/20/2025, 08:15:41 UTC)

Source: AlienVault OTX General

Description

AI-Powered Analysis

AILast updated: 11/20/2025, 10:01:50 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Need more detailed analysis?Get Pro

Pro Feature

For access to advanced analysis and higher rate limits, contact root@offseq.com

Technical Details

Author: AlienVault
Tlp: white
References: ["https://www.acronis.com/en/tru/posts/cooking-up-trouble-how-tamperedchef-uses-signed-apps-to-deliver-stealthy-payloads"]
Adversary: TamperedChef
Pulse Id: 691ece2d1916c387b6074ce5
Threat Score: null

Indicators of Compromise

Url

Value	Description	Copy
urlhttp://download.playthesolitaire.com/d/Solitare.exe	—
urlhttps://download.classic8ball.com/d/classic8ball.exe	—
urlhttps://download.gocookmate.com/d/gocookmate.exe	—
urlhttp://download.playthecheckers.com/d/Checkers.exe	—
urlhttp://download.playthechess.com/d/MasterChess_oc.exe	—
urlhttp://download.playtheminesweeper.com/d/Minesweeper.exe	—
urlhttp://effortlesspdf.com/EffortlessPDF.exe	—
urlhttps://anyproductmanual.com/	—
urlhttps://download.allmanualsreader.com/AllManualsReader_oc.exe	—
urlhttps://download.anyproductmanual.com/anyproductmanual.exe	—
urlhttps://download.askbexxyhow.com/d/AskBexxyHow.exe	—
urlhttps://download.justaskjacky.com/d/justaskjacky.exe	—
urlhttps://download.manualreaderpro.com/d/manualreaderpro.exe	—
urlhttps://download.openmymanual.com/OpenMyManual.exe	—
urlhttps://download.playclassicfallingblocks.com/d/FallingCubes.exe	—
urlhttps://download.playclassicminesweeper.com/ClassicMinesweeper.exe	—
urlhttps://download.playclassicsnake.com/d/SnakeAxxack.exe	—
urlhttps://download.playclassicsudoku.com/ClassicSudoku_oc.exe	—
urlhttps://download.quickmanualreader.com/d/quickmanualreader.exe	—
urlhttps://download.startplayingcrossword.com/Crossword.exe	—
urlhttps://download.sudokufunspot.com/sudokufunspot.exe	—
urlhttps://download.themanualshelf.com/d/themanualshelf.exe	—
urlhttps://download.totalusermanuals.com/totalusermanuals.exe	—
urlhttps://get.usermanualsonline.com/viewmanual.exe	—
urlhttps://getallmanuals.com/GetAllManuals.exe	—
urlhttps://getmanualviewer.com/getmanualviewer.exe	—
urlhttps://rocketpdfpro.com/RocketPDFPro.exe	—
urlhttps://speedypdfhub.com/SpeedyPDFHub.exe	—

Hash

Value	Description	Copy
hash01dbf572dd922646c07413cdc5fe4033	—
hash10bd14c9fc9e9f6025c839f8fa2adc04	—
hash140c9606e6241709cd3e32808adaf37a	—
hash1442475efec95ae1939fa09071603c39	—
hash176eb30040869fb57d26d514e02c63d2	—
hash185a909367272507e52d59ad35fd7d20	—
hash193c2f90459964d611073e5c99bbdb7f	—
hash1f5dda7f77943a5523e32f233639d05f	—
hash2103c97c65b941bc8ff3b0daa19aae19	—
hash22eb8728dc9aee6a245b7866808b04c3	—
hash232f197f90f57c58946137b977c063f3	—
hash2518a0b7b7ed90a2afd40a1bc18f9652	—
hash287de08218ea23f7e795da3caf525bb6	—
hash296690fcb018a76cbfd5c9a16123a575	—
hash2a4a866a73ce8e96547b2a18b572ef76	—
hash2c8508dcce097a55dcd90f97b076ad4d	—
hash3721f97ef3caaede98c3185b6c7976a3	—
hash45913a32740f343db1e8b1be1d713cfe	—
hash45e2df8ec79592f70e9ce3b15eebb1f0	—
hash488021d75bec7696601ed59c274da141	—
hash4bcd12a14a82a686bc794a79f4fea437	—
hash4ea2654e2c733e4037c20ca0e3e9a8b8	—
hash5276789f062e9c58fe0d0fd282f4c8be	—
hash58041d09789fd3e4efcb79081d21c9c4	—
hash602ddeff54cf393b745952eb2863c6d8	—
hash6231af76f9869a4dbaa63879181e1737	—
hash6693f0b8de381d85e6e79f5aa0a6439a	—
hash6804013a59dc5a4ce14c74babf72ea94	—
hash6d67c17cc52fc58b1a87f18476c2acfe	—
hash799e22bf5e1ddba13ebb7b657abbf515	—
hash7e1b25ccbbab57ea1f222cc0c2e87a8b	—
hash8374a22a26560f1d97ebcd30f88d5760	—
hash85e25a777e7b6b9b06d5114345b14352	—
hash8923b48dd6eb96010706d23c3cbe0e8a	—
hash895e24527b10897fbfdf661d26d15e70	—
hash8cbacfd815453f54782c1bdfe422914c	—
hash8d60d12791d3a15308f61c403a3a7902	—
hash90ac5156d701bbc7e0440276449b0a49	—
hash935941bbdc23adc6b4275cb0e58429f3	—
hash961f346deb28540daa0a2e2f42ded18c	—
hash9aec197c4ea538da391f04067c5c950a	—
hash9caeb82ce8ab736952e40cab08ba4994	—
hash9dfe1a0a220e22cbe0a53cf70f6eca01	—
hasha9adc705fb0e2f0e6668038f3baa0003	—
hashac5b92d5cd1ef266d5fca3d02424f8ca	—
hashb2692128faa0481ff94ed61c73f76a67	—
hashb44d7fb078589ae671f1dcce97c790ef	—
hashb91775695212ad5b363bd1b66e760314	—
hashc35cb8e4ce9ae9e11509f241d40e99bf	—
hashc7bca800054ed551223562f730d5511c	—
hashc900877156d21f228d8dd555241e75f0	—
hashcbf3833005e390fbb3e6445088c8e64f	—
hashcfec0f1dc21eed72544ddc09c96f3472	—
hashd4ac35914e8cc307c6e972214b3218c8	—
hashdace6478266cc9e25166d9247fb10fb9	—
hashe145b47680a8f1f9aa7a7c1cfeb0fd78	—
hashe61b911d99949410adf9a403f6fca53d	—
hashf48e58a8e3b846c7e4823228098073fe	—
hashf6e7b560735df83efa3f10982af991fc	—
hashf7dfa107eca428ea0cdd9fbb1a46b7b9	—
hashf864aefc158694028f2efe295caaf6f5	—
hash01ede2327fcf1f9289af1491a11e0d182445649d	—
hash062958fff1e7369f0c96f09cbd46f1ae63d2885f	—
hash0c843c2d6a15bdae7152d11d15f6f3895d830ccd	—
hash0cda086c7c529a31bbfb59b698d2010eb440e48a	—
hash100211034eabbcfdbf810c4db696fcd9e0b98b0f	—
hash11a17f4a51da76a40a9bb57ec77aa10e6791ffa8	—
hash1549be69313a9be2a942f7914b107dd2c84a0c5e	—
hash18594a6047e4038a5b6f98e02c46a5d4b1b558b8	—
hash1ef153573b544bdd64246b2fba7f2dc1b3b51c18	—
hash21f55a2276429a2a7640a00567cb98f940388435	—
hash22887370ba325d204a210635461fff0cce5043c7	—
hash2bc0721c4255e15bcf3bc8ad7329f6e3a2fc0f93	—
hash2ccdaca93257eaa60325be0f5408a3f89e999cf8	—
hash3a8473e9a9b85865b79f099584055a51546e703b	—
hash3ca308d72500434918caca457870985eb3848c97	—
hash4071e3b7faa607f2bb64e7716987bc35a7787a11	—
hash41f10f35ff524d2f9f3751865bc07e84966be27d	—
hash435fe341b9abd6810243425de1ff978aef0edb25	—
hash4758b2ea41f2fa2d23559fd0b453cf0d9de4f24f	—
hash48f86916888d80c2aee306e5199ec35899ac3e06	—
hash5228e5f74507a56021fc73e1c37fd4f4baee59e3	—
hash533cbd6a73536a5f4bb776ac11af8b3d42b4d6c4	—
hash61ca26f402efc5f7ac717b6f4960706b20d644eb	—
hash623abe5af67aca2615592f6c602976ec3997a2b5	—
hash6922ea401def21f8ad31eefe38bc8440bae77d5d	—
hash6a9f1198951dc2d23cd79f317b57d1d86af4af89	—
hash6b02f631557673043d2e1487b853c4cabbe8b284	—
hash6f3949089e39ca679e28ffccfc564db0b9a0157d	—
hash72751048f397626483be71c6c856a059674f85ae	—
hash736eb11847fb4133f42e001684ab6603b8f16e6f	—
hash88b26a8e2377ed1f8d0c9de79a3c810032a5b66b	—
hash8a91094d4da47e2bdcd2136f1757c57bf4bbdbac	—
hash8ccfcab17059002c3837bfefb185db5fbb3f8155	—
hash9a395a8a85c5972cd0edf512e60da014dc9f6d10	—
hasha5c87e3e38c023076a3376f4fbf98d2a66b06139	—
hasha65e2e354343f07424bb669dbf09a552bdf397e1	—
hasha834ef45162dcf4b24b9207788418c0a3c02aa16	—
hasha8b2b235e756a0bb719b9f62ad487970ef630b13	—
hasha92c0058cfd66916c3997cd44b326bf5e80b3200	—
hasha93907e77340e4aadcc66e1afb9d342789f0cbd1	—
hashadb99bb8bef982572347a924b7796b4fa3e72af2	—
hashae8f72a8f5663096a2e05493e21445bc414c3c07	—
hashb0306b7f6446b0a6b14116b1d19fcf655a0fe39a	—
hashb1d7709f66c3c5384b47c7b59de7ddf64d4afa32	—
hashb966d657e72dcb301d6b95e6f4ce2a5035883930	—
hashbfa1595e48a63c456a23309c9d596e82baf18645	—
hashc2ab4557c88ea7f405a10c003951927683c9b463	—
hashc32224ee93a7facb366aaa8398a912b79bc28502	—
hashc85b4165110be30584bced87b1631ba5694bccd3	—
hashcae036a4c216390aadae561f455b6c883b46c927	—
hashcd080b96555523b09c41b026d4e323b35b1db206	—
hashd421cff282e4f84cf0ecdd9de9355ca93cdf9491	—
hashdb33b2b39ad206a60a54a42912ba5737258d4b19	—
hashdccff7f4e377ab928127cc61c1f29b14b7ccb335	—
hashe5507e8a97d1585ae354cebfc79f8c2d1255d3ae	—
hashe5f2490f450b785b3cd8a9c4005aaa212c23fea9	—
hashebdcf37e5bec0cdcb963729afb7df623941bb0c9	—
hashf10743a6ecfcd8ed0c13e276154efb7c8aa79d8e	—
hashf45fa2c31e20ea24541dea3f79f79c6843b6c9aa	—
hashfca9e9d4a9b52c374f8a0c0f5956b485a75c6ad6	—
hashff650de517186b1602bad7344a9251e6e6d4dfe6	—
hash035e7dd115afc47704db586a61aa9c189cde7228e752e0491352930f20d97dcc	—
hash05d9f4426ad77fcf73a357a4f5ca1d0cf9ceccf44117c1bc829afb79a2f8671b	—
hash06555b8bf3bdf36bf36b4e6a4f5298da732207867c57961a1cb14a14f845e25f	—
hash073bd7acf920d7c90fc130213a43b46e5e082e86e1506309c5818df1b4df2a97	—
hash091d3bf2f0f6dc08b23151b5acd7cf53217d1ed2812e507d96dc467d9d3092d6	—
hash0abd1e39e17fa99366c8f1cc9171730867b6e86f6362b0492a090170f0305e55	—
hash0ad487d3bd904ade98b505bdd891d1a19665159b0e579696ac0b6a82e9f80617	—
hash0b90c3ef5bc8918c334638f2f11100a992fafbca7e16934652b70f3b2579131b	—
hash0bf92be9bb3989d78ce9f345df190a543eb984cc5479928399b4610d5d94c41f	—
hash113b23c062229aa57dfef68631f85f615e61673024b73cb9c0f5269b712610fa	—
hash14577f1a8d5ea9f5f255b456f0f69fe4e3a1cba82d707de28b3ca25410393c17	—
hash167359b715610003752cbc89b122a6df97e501304cb4a1ee94a6e75ebf51d6d6	—
hash16e9cf18961ed32613c69d5d4c0f54eb0f051e40a431121bc8fe6de9b3f64b01	—
hash1925e877ce6492a7d1293f3f6f4dcbc70ca3c74bbf42ae2ba80e1b5a2e0925d1	—
hash19d61d0a67207debfb21af2bf8774e010796e5d41f986848d63169c68cc7fa86	—
hash1a58c5b8b79f3ed90d43b4d117b01eb32e27b8235d9b3ceda4803a57e6250596	—
hash1d2027b35978be2a92f27203941f51d9352d56f3cf83f131f9824a7f0891a692	—
hash1e1cbfe91aa9be47480df265f6b5a0fed2f99116bcaa5e6e98689e3498616f84	—
hash1fc4819fcf2522622fd846bf4abcd03ae02adf41366b9911fe7bb30f2a4dc4b7	—
hash218a3a2e60779c4b4f1c83467f93d7b5c405b9acb799b4b2cdaacb7b26cd48a1	—
hash21b8c5dabbe910a4c1ada58534e01580eb600a1ab0b8f105e5f8609bdc7f6c42	—
hash2355ee5283fe7171d5d74302eb7f4e371e2e76c52eb3f07ff3a954a854ae8e4e	—
hash25575ffd50528952865b2b1df354461148474606c1adc68c0f140e3dcab10362	—
hash2cd68ea7f02e8cfaded52d64c2cb71b64560b3799c948960db37e827618ff22d	—
hash3075a2f60611fcfc763059f95f5577999d5bbc39dd33aa9b5b8bc8219c6f2ae4	—
hash30d21ea26917366654f606a8577b430cafe03654432cc97598fad30d16157e2c	—
hash315c2c6654cc4a29597ffc2c5694e38385e67b3f8b149960874a539836c5773d	—
hash335a7383867b0da0731968363956d6f31116460b1f9060d0e8c79ff735211733	—
hash33fb19d5d9c0ca8bea177722807560005c4c2a0533ce3356efdcefc6e93cebff	—
hash3466810f091a29be4380a634e3aa3f0bafef0b36041abf9ba90a72b4085433d3	—
hash3697f763980e594c83d708b43c410f753134e83baf33f822bba36133e0b1eafc	—
hash3731b729ffc4aaa42bacb56e0340e29d3b0cb5d14f287bc281ecb716eba0d8d1	—
hash3826e54318e80e8942bd9b8ab347f560d5dd9741276fec5a26d3eee862516767	—
hash3c34ec7e666c853465058b96421c018d93e532350547a90a6f68c7db5414a4b1	—
hash3c51ca74e721e5e177c5a8495131d7a65ea6733ea8e8875ba3e1ce0270a136b7	—
hash3cccbe2e524cb458ea48c108e36efabbf36c76cf30c80b64f52acf8b7b113de9	—
hash3cfd405d7e7f3d7af3d9be6387828fc14d6c24be6ea0651e18a8a63f1cd164cb	—
hash467876a203eb2c2b01b2d58f1e00271cb6bb75834af08a67e2c69fa0e4788ea5	—
hash483657b8b1f3b81540d05842331bc3a564f77f22017ee5abeeffc0e832efcf6f	—
hash4967262d1b136bb77be89a2e15c732a9edcc0377b6aaa88a6abecf5a4f8b9215	—
hash4d2bb8c9d995d52dd2ef763af7158bd8f7ff6a59c4004ea38ff0eef684c78381	—
hash512735bb19571707ab484cdfdb2cba74f5a8fdd9e415a8ea8ccf5c1f326f9a4e	—
hash51d876d638a6155572f8cbd42cdd8ae61c84b1816438bc53eb40534f7a92bb69	—
hash52d234e085c8bf67fa9d338cc5621f17d4ebe166f180896185e5f28c2655c811	—
hash5a0e37f70f9ce00ba40edfb4e6d11e87ea6bd0edecf6f604029ef98aa2bd33e9	—
hash5c8f276286c2b588fb15b72e8b20c051ae84ed26d93187eaea41b3ba8faa8954	—
hash6c0178a70759eadeb6f88a2c6bc4a217f1aba2ebdadd132610fe86d3994c2a66	—
hash6ea919c991b29ac78d80b9b6080c380a3e53813e1a2b0c3e576763a3ec22ef05	—
hash71273af47ee2792b68320054ebf44d2dfe4cbe7825c0aedc5a9b65abb5744851	—
hash7364b8cefd46a8ff918df679066fb8041b98a3e57a09f782ad6f8757fabf56cd	—
hash760663fd61c55f112186151721425857a485ec6a1db1b2cb8b41bba9ed40af1e	—
hash7fe170dc2ca9f333a177d7d2a5f6fee9e674164e7b46b2c2590c49be1aa9fe05	—
hash80f90b9e563e1cfe981a9faf24c9430198bb15916a2dc5e75d14227a8fab9cb6	—
hash822f5dcfe7350d259594d92128ba9fc2b7620aa33b571d8af8a87945d8909026	—
hash82c452855e3d41cb1a3396e8e1aed7e26812f127ef31c93a8f375e1acb458ff5	—
hash840b1e76961836f3af79bf4d0a68d426c764587173a8f308d3e6012393c6a9f8	—
hash8ecd3c8c126be7128bf654456d171284f03e4f212c27e1b33f875b8907a7bc65	—
hash8fb8d1df307f58db070eb5aa82a3ef3a41512d2aa73278d574ab32e55123488a	—
hash94dc4138bfabf6a3e7cefffc5f5062fe0ac31384bae4ad78f27557ddb29f6eae	—
hash94fbb9cc3af0d9ec25d415e35ec65491d6182e452265c854e125cfd94227a53d	—
hash9a77a653ed5c2ec0f9c00019ef6a5cf6153335fcb636c5e56edc3ccd7ad12cd2	—
hash9b21cb18aafa50339563af4ae211688846bcb030d43644e251da9d0bad2c9072	—
hash9b8bc1df9b891a166de9aefc58fe2ae04fb238f97aa90405617ff9e7501c99a8	—
hash9f5538afb90dfb0eac126808868a65403a09758b63e3688ef17df1de27782813	—
hash9f948215b9ee7e7496ce3bc9e46fda56b50cc8905b88535225c7651007f660d5	—
hash9fb1dc56a042e6eca786f3aaa7b21d148dfb8276f6cc2cdb867408b20117f547	—
hasha0dae9b551026295575dcf4b1f668069b8fe8119458e792e8293299a74e79436	—
hasha16cbf9ab535d4ad628b583ec3e026799f38bb50b98c495333302f7b804390ea	—
hasha16ecfcf5e6d7742f0e642309c3a0bf84eaf21962e663ce728f44c93ee70a28e	—
hasha5187cbb42b0e0dfb747c8fe86638dc68be9915ec112f7f6f72c8f3735489c76	—
hasha67cd1ea41484edfca83f53c1f1c8d21717335e8cff2a00dce1c79ff5b48cb2a	—
hasha7fbbb0393e36bc70b6eafb967a3b11a65c442090da1840364886b984784135c	—
hashb850b218d5cc4cc9c1006399c26cc5ca3f9e2da3a70296fceb6760d1f0dcdf90	—
hashb8ec6dca18acb873bf8bf55bc3614df0aaed333638d79fda075f03661d8a5662	—
hashbcc9ebce78fdbb1271ff1a2e0def82ec87d6e964a18293e82ec0cdd12856e66b	—
hashbdafb81fa5a41728d578b0682a6e7f9095250161558431184093acc3641573fa	—
hashc0bab2e5718056617a4e6965ba8f8babf04adfb11602301223004e3b786bb779	—
hashc391b1e00a8fcc120605a6e0c4e26c5ec9624b8e194460d34ae0d26efd147847	—
hashc3a2a5b7d8e4bd8fb571a8104170d930647fa73babcfc414adcdef76fb1a57c4	—
hashca96040d8899196ff02592a4c01b595a191f4dd89d4d11be8703645019871d33	—
hashcac499fe09d2640e376c6e6f45d5d287c75faf94d8ba26290016a815a8b4c5b4	—
hashd1e85806e7013aa984356dbce28972f11be4860ab4152cd5510dff3388a89b45	—
hashd2fbaa89cc5e4e03ecdf7ccfc28fd13230643bfb41a3619fbec64076a2b56a7c	—
hashd70bc73a61252d5d9fde5593670fa790e4e9611838fd6c74f2b9cab97a5cea0f	—
hashd792bc4896854d30b1ea4b2120ec39c4987b4d63802ee0775314f269f138e7f7	—
hashd799cc1713932e9748ec9d293f831d150e1e345c0e58279cd7c3e49c35e667be	—
hashd7f2a620429bf104f593ef789aaef0b25afa90b81b5d2285c54eac47dee52aac	—
hashd8c2f9f843cb7764d138c5cb74a4a887eadcdfc5af0ab7df805af6f40fe27dc1	—
hashd9a0d3f05ed8efd475f7b76ca3d4ad7d136b274979d2a0abb6ca26d1a2e98512	—
hashdb0d90d825db484a146ebc43408c8e722b676616c32d84684bc94ddc8b92e893	—
hashdb62ac71ac17a2f8e3d19b4f093ff1226d5de7fa323dd4564fb0dbb37ae8a364	—
hashdd8502622eaa4e3798f4848cfe81c06ed0dffd7cb0a62c7ab6c7124d5b07bb04	—
hashde101b0a881d69ab314e0863845e5f0e62c749eea87a704ecbb3bccb5c0bb1ac	—
hashdfa5785c13a739fb2fae72f405984eef89dc7bf3dd94137692e96826113d51e0	—
hashe18e59723949ad0a2791e95d4c0ffd7657929e8dc6a0d718598b3aec962f73c2	—
hashe340e41da2779a714c2c0590955ade6dc35b3c9246bde5cca8e1cab1b937593c	—
hashe498e98578ec27b680fff36768852fa00eea90e4f2de4cdae269a2d523624e36	—
hashe7a1d74883e220d92ef024301850c1d56f95bb07fd72e82f4c644b940576d866	—
hashe80291d2827a0abd4ed1c761eaf396f70fe91ce50bdef828e135a8e482af19c3	—
hashef4b57bad0d28a65333691e1c27787690d58516a79f9cf2fbe840d69401a1932	—
hashef9621f7fe04fd053e58af7d5863780defd1d2948c131d7df3f76bdb46932688	—
hashf0532759ccaa0ea7f0ec8ec3225eb0e6d87cc3ddd1361967f4ea487bff4394bb	—
hashf81b533757f4603f2eae935b8b9f466b2c2e3563f44bd40711afbf8980f45eb2	—
hashfccf2c72054e9aa8e5a134854e573b23316a6622631f818695d9c0eb3ca3f1a7	—

Domain

Value	Description	Copy
domainanyproductmanual.com	—
domaineffortlesspdf.com	—
domaingetallmanuals.com	—
domaingetmanualviewer.com	—
domainrocketpdfpro.com	—
domainspeedypdfhub.com	—
domainapi.00isgy77i9fqrn9rmu.com	—
domainapi.1f8tlqv4bfa75qaxl7.com	—
domainapi.1r2htpstv0jyv4gr3j.com	—
domainapi.42a2hudcuvftqlmit2.com	—
domainapi.78kwijczjz0mcig0f0.com	—
domainapi.7trellca1rt257t2wa.com	—
domainapi.85etpt40zf7ht4yd1u.com	—
domainapi.ana43c4ajq1o10642i.com	—
domainapi.bftdtfky0i2gewg6ki.com	—
domainapi.cjby76nlcynrc4jvrb.com	—
domainapi.d1iwuj0s7os571e3a4.com	—
domainapi.e8b7xa22r6pevc1lmu.com	—
domainapi.h06bwr0wg9iyy8ygl0.com	—
domainapi.ka4f064txqusqf1ecb.com	—
domainapi.kdtskq5kw4cwqvauxy.com	—
domainapi.meg7xqos0m7h9urhr0.com	—
domainapi.mixpnl.com	—
domainapi.mxpanel.com	—
domainapi.npfk87zidodfqsfqxd.com	—
domainapi.opfktvbbb0d5pphzlc.com	—
domainapi.phpjzo16ok6qvpvcrz.com	—
domainapi.pyej17uw09d1bqlndg.com	—
domainapi.rmr6qd1zy9hyafyzk2.com	—
domainapi.rxpfo7bgftr5gjq99u.com	—
domainapi.sey3p6htm1ays1iy54.com	—
domainapi.slkzkcpz5xf8nplyb6.com	—
domainapi.uode7wkkvojxsfpom0.com	—
domainapi.vgp4filwmg5ogq58xy.com	—
domainapi.vtqgo0729ilnmyxs9q.com	—
domainapi.zxg4jy1ssoynji24po.com	—
domaindownload.allmanualsreader.com	—
domaindownload.anyproductmanual.com	—
domaindownload.askbexxyhow.com	—
domaindownload.classic8ball.com	—
domaindownload.gocookmate.com	—
domaindownload.justaskjacky.com	—
domaindownload.manualreaderpro.com	—
domaindownload.openmymanual.com	—
domaindownload.playclassicfallingblocks.com	—
domaindownload.playclassicminesweeper.com	—
domaindownload.playclassicsnake.com	—
domaindownload.playclassicsudoku.com	—
domaindownload.playthecheckers.com	—
domaindownload.playthechess.com	—
domaindownload.playtheminesweeper.com	—
domaindownload.playthesolitaire.com	—
domaindownload.quickmanualreader.com	—
domaindownload.startplayingcrossword.com	—
domaindownload.sudokufunspot.com	—
domaindownload.themanualshelf.com	—
domaindownload.totalusermanuals.com	—
domainget.latest-manuals.com	—
domainget.usermanualsonline.com	—

Threat ID: 691ee3886e8172836e79b641

Added to database: 11/20/2025, 9:46:48 AM

Last enriched: 11/20/2025, 10:01:50 AM

Last updated: 11/22/2025, 12:42:32 PM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Related Threats

New Tools and Techniques of ToddyCat APT

Medium

CampaignFri Nov 21 2025

Analysis of APT-C-26 (Lazarus) Group's Attack Campaign Using Remote IT Disguise to Deploy Monitoring Software

Medium

CampaignFri Nov 21 2025

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Cooking up trouble: How TamperedChef uses signed apps to deliver stealthy payloads

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Indicators of Compromise

Cooking up trouble: How TamperedChef uses signed apps to deliver stealthy payloads

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Technical Details

Indicators of Compromise

Url

Hash

Domain

Community Reviews

Related Threats

New Tools and Techniques of ToddyCat APT

Analysis of APT-C-26 (Lazarus) Group's Attack Campaign Using Remote IT Disguise to Deploy Monitoring Software

The Tsundere botnet uses the Ethereum blockchain to infect its targets

It's not personal, it's just business

Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility