Skip to content

S0151 HALFBAKED

HALFBAKED is a malware family consisting of multiple components intended to establish persistence in victim networks. 1

Item Value
ID S0151
Type MALWARE
Version 1.0
Created 14 December 2017
Last Modified 17 October 2018
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1059 Command and Scripting Interpreter -
enterprise T1059.001 PowerShell HALFBAKED can execute PowerShell scripts.1
enterprise T1070 Indicator Removal -
enterprise T1070.004 File Deletion HALFBAKED can delete a specified file.1
enterprise T1057 Process Discovery HALFBAKED can obtain information about running processes on the victim.1
enterprise T1113 Screen Capture HALFBAKED can obtain screenshots from the victim.1
enterprise T1082 System Information Discovery HALFBAKED can obtain information about the OS, processor, and BIOS.1
enterprise T1047 Windows Management Instrumentation HALFBAKED can use WMI queries to gather system information.1

Groups That Use This Software

ID Name References
G0046 FIN7 12

References

  1. Carr, N., et al. (2017, April 24). FIN7 Evolution and the Phishing LNK. Retrieved April 24, 2017. 

  2. Carr, N., et al. (2018, August 01). On the Hunt for FIN7: Pursuing an Enigmatic and Evasive Global Criminal Operation. Retrieved August 23, 2018.