

HALFBAKED is a malware family consisting of multiple components intended to establish persistence in victim networks.[1]

| Item | Value |
| --- | --- |
| ID | S0151 |
| Version | 1.0 |
| Created | 14 December 2017 |
| Last Modified | 17 October 2018 |

Techniques Used

| Domain | ID | Name | Use |
| --- | --- | --- | --- |
| enterprise | T1059 | Command and Scripting Interpreter | - |
| enterprise | T1059.001 | PowerShell | HALFBAKED can execute PowerShell scripts.[1] |
| enterprise | T1070 | Indicator Removal on Host | - |
| enterprise | T1070.004 | File Deletion | HALFBAKED can delete a specified file.[1] |
| enterprise | T1057 | Process Discovery | HALFBAKED can obtain information about running processes on the victim.[1] |
| enterprise | T1113 | Screen Capture | HALFBAKED can obtain screenshots from the victim.[1] |
| enterprise | T1082 | System Information Discovery | HALFBAKED can obtain information about the OS, processor, and BIOS.[1] |
| enterprise | T1047 | Windows Management Instrumentation | HALFBAKED can use WMI queries to gather system information.[1] |

Groups That Use This Software

| ID | Name | References |
| --- | --- | --- |
| G0046 | FIN7 | [1][2] |

