HALFBAKED

HALFBAKED is a malware family consisting of multiple components intended to establish persistence in victim networks. [1]

ID: S0151
Type: MALWARE
Platforms: Windows
Version: 1.0

Techniques Used

Domain      ID     Name                                  Use
Enterprise  T1107  File Deletion                         HALFBAKED can delete a specified file.[1]
Enterprise  T1086  PowerShell                            HALFBAKED can execute PowerShell scripts.[1]
Enterprise  T1057  Process Discovery                     HALFBAKED can obtain information about running processes on the victim.[1]
Enterprise  T1113  Screen Capture                        HALFBAKED can obtain screenshots from the victim.[1]
Enterprise  T1082  System Information Discovery          HALFBAKED can obtain information about the OS, processor, and BIOS.[1]
Enterprise  T1047  Windows Management Instrumentation    HALFBAKED can use WMI queries to gather system information.[1]
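The two discovery rows above (T1082 reached through T1047 WMI queries for OS, processor and BIOS data, and T1057 process enumeration) are the ones a detection engineer can act on directly. What follows is an added example, not HALFBAKED code and not taken from the cited reports: Python detection logic run over constructed PowerShell script block log entries (Event ID 4104). It flags WMI/CIM invocations, maps the Win32_* class queried to the technique IDs used on this page, and raises a stronger per-host signal when one process queries all three of Win32_OperatingSystem, Win32_Processor and Win32_BIOS. The event shape, host names and the exact classes HALFBAKED queries are assumptions; the page states only that it uses WMI to gather OS, processor and BIOS information.

```python
import re
from collections import defaultdict

# Constructed sample events in a simplified shape (event_id 4104 is PowerShell
# script block logging). These are not real HALFBAKED telemetry; the classes,
# hosts and script text are assumed for illustration.
SAMPLE_EVENTS = [
    {"host": "WS01", "process": "powershell.exe", "event_id": 4104,
     "script": "Get-WmiObject -Class Win32_OperatingSystem | Select-Object Caption, Version, OSArchitecture"},
    {"host": "WS01", "process": "powershell.exe", "event_id": 4104,
     "script": "Get-WmiObject Win32_Processor | Select-Object Name, NumberOfCores"},
    {"host": "WS01", "process": "powershell.exe", "event_id": 4104,
     "script": "gwmi win32_bios | select SerialNumber, Manufacturer"},
    {"host": "WS01", "process": "powershell.exe", "event_id": 4104,
     "script": "Get-WmiObject Win32_Process | Select-Object ProcessId, Name, CommandLine"},
    # Plausible admin activity on another host: a single OS query and a directory listing.
    {"host": "WS02", "process": "powershell.exe", "event_id": 4104,
     "script": "Get-WmiObject -Query 'SELECT Caption FROM Win32_OperatingSystem'"},
    {"host": "WS02", "process": "powershell.exe", "event_id": 4104,
     "script": "Get-ChildItem C:\\Users\\Public"},
    # A non-4104 event; the profiler must ignore it.
    {"host": "WS02", "process": "powershell.exe", "event_id": 4103,
     "script": "gwmi Win32_BIOS"},
]

# WMI classes mapped to the technique the query serves, using the IDs on this page.
WMI_CLASS_TECHNIQUE = {
    "win32_operatingsystem": "T1082",
    "win32_processor": "T1082",
    "win32_bios": "T1082",
    "win32_computersystem": "T1082",
    "win32_process": "T1057",
}

# Cmdlets, aliases, type accelerators and .NET types that issue WMI/CIM queries.
WMI_INVOCATION = re.compile(
    r"\b(Get-WmiObject|gwmi|Get-CimInstance|gcim|Invoke-WmiMethod|wmic|ManagementObjectSearcher)\b"
    r"|\[wmiclass\]|\[wmi\]",
    re.IGNORECASE,
)
WMI_CLASS = re.compile(r"\b(win32_[a-z0-9]+)\b", re.IGNORECASE)

# The three classes this page says HALFBAKED's system information collection covers.
SYSINFO_TRIAD = {"win32_operatingsystem", "win32_processor", "win32_bios"}


def classify_script_block(script_text):
    """Return the set of technique IDs a single script block evidences.

    T1047 is reported whenever a WMI/CIM invocation is present; T1082 or T1057
    is added according to the Win32_* class that invocation queries.
    """
    techniques = set()
    if not WMI_INVOCATION.search(script_text):
        return techniques
    techniques.add("T1047")
    for cls in WMI_CLASS.findall(script_text):
        mapped = WMI_CLASS_TECHNIQUE.get(cls.lower())
        if mapped:
            techniques.add(mapped)
    return techniques


def profile_host(events):
    """Aggregate 4104 events per (host, process) and flag the discovery profile.

    sysinfo_triad is True only when one process has queried OS, processor and
    BIOS classes; a lone Win32_OperatingSystem query is routine and stays False.
    """
    per_key = defaultdict(lambda: {"techniques": set(), "classes": set()})
    for ev in events:
        if ev["event_id"] != 4104:
            continue
        techs = classify_script_block(ev["script"])
        if not techs:
            continue
        key = (ev["host"], ev["process"])
        per_key[key]["techniques"] |= techs
        per_key[key]["classes"] |= {c.lower() for c in WMI_CLASS.findall(ev["script"])}
    results = {}
    for key, data in per_key.items():
        results[key] = {
            "techniques": sorted(data["techniques"]),
            "wmi_classes": sorted(data["classes"]),
            "sysinfo_triad": SYSINFO_TRIAD <= data["classes"],
        }
    return results


if __name__ == "__main__":
    for key, summary in profile_host(SAMPLE_EVENTS).items():
        print(key, summary)
```

Two caveats for anyone adapting this: `wmic os get caption` reaches the same data through a wmic alias rather than a Win32_* class name, so the class mapping will not fire on it even though the T1047 invocation match does; and the triad flag is deliberately the higher-fidelity signal, since one Win32_OperatingSystem query from an administrator's console is normal while OS plus processor plus BIOS from the same process, followed by Win32_Process enumeration, is the host-profiling sequence this page attributes to HALFBAKED.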

Groups That Use This Software

ID Name References
G0046 FIN7 [1] [2]

References