HALFBAKED is a malware family consisting of multiple components intended to establish persistence in victim networks. [1]

ID: S0151
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018

Techniques Used

Domain ID Name Use
Enterprise T1059.001 Command and Scripting Interpreter: PowerShell

HALFBAKED can execute PowerShell scripts.[1]

Enterprise T1070.004 Indicator Removal: File Deletion

HALFBAKED can delete a specified file.[1]

Enterprise T1057 Process Discovery

HALFBAKED can obtain information about running processes on the victim.[1]

Enterprise T1113 Screen Capture

HALFBAKED can obtain screenshots from the victim.[1]

Enterprise T1082 System Information Discovery

HALFBAKED can obtain information about the OS, processor, and BIOS.[1]

Enterprise T1047 Windows Management Instrumentation

HALFBAKED can use WMI queries to gather system information.[1]

Groups That Use This Software

ID Name References
G0046 FIN7