HALFBAKED

HALFBAKED is a malware family consisting of multiple components intended to establish persistence in victim networks. [1]

ID: S0151
Type: MALWARE
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018

Techniques Used

Domain | ID | Name | Use
Enterprise | T1047 | Windows Management Instrumentation | HALFBAKED can use WMI queries to gather system information.[1]
Enterprise | T1059.001 | Command and Scripting Interpreter: PowerShell | HALFBAKED can execute PowerShell scripts.[1]
Enterprise | T1113 | Screen Capture | HALFBAKED can obtain screenshots from the victim.[1]
Enterprise | T1070.004 | Indicator Removal: File Deletion | HALFBAKED can delete a specified file.[1]
Enterprise | T1082 | System Information Discovery | HALFBAKED can obtain information about the OS, processor, and BIOS.[1]
Enterprise | T1057 | Process Discovery | HALFBAKED can obtain information about running processes on the victim.[1]

Groups That Use This Software

ID | Name | References
G0046 | FIN7 | [1][2]

References