Chisel (Malware Family)
By Fraunhofer FKIE
Archived: 2026-04-05 18:48:40 UTC
elf.chisel (Back to overview)
Chisel
Chisel is an open-source project by Jaime Pillora (jpillora) that allows tunneling TCP and UDP connections via
HTTP. It is available across platforms and written in Go. While benign in itself, Chisel has been utilized by
multiple threat actors. It was for example observed by SentinelOne during a PYSA ransomware campaign to
achieve persistence and used as backdoor.
Github: https://github.com/jpillora/chisel
References
2022-04-18 ⋅ SentinelOne ⋅ James Haughom
From the Front Lines | Peering into A PYSA Ransomware Attack
Chisel Chisel Cobalt Strike Mespinoza
There is no Yara-Signature yet.
Source: https://malpedia.caad.fkie.fraunhofer.de/details/elf.chisel
https://malpedia.caad.fkie.fraunhofer.de/details/elf.chisel
Page 1 of 1