

HALFBAKED is a malware family consisting of multiple components intended to establish persistence in victim networks. [1]

ID: S0151
Platforms: Windows
Version: 1.0

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1107 | File Deletion | HALFBAKED can delete a specified file. [1] |
| Enterprise | T1086 | PowerShell | HALFBAKED can execute PowerShell scripts. [1] |
| Enterprise | T1057 | Process Discovery | HALFBAKED can obtain information about running processes on the victim. [1] |
| Enterprise | T1113 | Screen Capture | HALFBAKED can obtain screenshots from the victim. [1] |
| Enterprise | T1082 | System Information Discovery | HALFBAKED can obtain information about the OS, processor, and BIOS. [1] |
| Enterprise | T1047 | Windows Management Instrumentation | HALFBAKED can use WMI queries to gather system information. [1] |

Groups That Use This Software

| ID | Name | References |
|---|---|---|
| G0046 | FIN7 | [1] [2] |