{
	"id": "f66cbf20-6af9-465d-9bf0-b3f20fc677e2",
	"created_at": "2026-04-06T00:22:28.53877Z",
	"updated_at": "2026-04-10T03:20:31.785531Z",
	"deleted_at": null,
	"sha1_hash": "f1010089c147c971657d514a99098a4e321e2bb4",
	"title": "Fire Chili (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 27355,
	"plain_text": "Fire Chili (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 22:24:51 UTC\r\nThe purpose of this rootkit/driver is hiding and protecting malicious artifacts from user-mode components(e.g.\r\nfiles, processes, registry keys and network connections).\r\nAccording to Fortguard Labs, this malware uses Direct Kernel Object Modification (DKOM), which involves\r\nundocumented kernel structures and objects, for its operations, why this malware has to rely on specific OS\r\nbuilds.\r\n[TLP:WHITE] win_firechili_auto (20251219 | Detects win.firechili.)\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.firechili\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.firechili\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/win.firechili"
	],
	"report_names": [
		"win.firechili"
	],
	"threat_actors": [],
	"ts_created_at": 1775434948,
	"ts_updated_at": 1775791231,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f1010089c147c971657d514a99098a4e321e2bb4.pdf",
		"text": "https://archive.orkl.eu/f1010089c147c971657d514a99098a4e321e2bb4.txt",
		"img": "https://archive.orkl.eu/f1010089c147c971657d514a99098a4e321e2bb4.jpg"
	}
}