Description
[BADHATCH](https://attack.mitre.org/software/S1081) is a backdoor that has been utilized by [FIN8](https://attack.mitre.org/groups/G0061) since at least 2019. [BADHATCH](https://attack.mitre.org/software/S1081) has been used to target the insurance, retail, technology, and chemical industries in the United States, Canada, South Africa, Panama, and Italy.(Citation: Gigamon BADHATCH Jul 2019)(Citation: BitDefender BADHATCH Mar 2021)
External References
Techniques Used by This Malware
- T1018 — Remote System Discovery
- T1027.009 — Embedded Payloads
- T1027.010 — Command Obfuscation
- T1027.015 — Compression
- T1033 — System Owner/User Discovery
- T1041 — Exfiltration Over C2 Channel
- T1046 — Network Service Discovery
- T1047 — Windows Management Instrumentation
- T1049 — System Network Connections Discovery
- T1053.005 — Scheduled Task
- T1055 — Process Injection
- T1055.001 — Dynamic-link Library Injection
- T1055.004 — Asynchronous Procedure Call
- T1057 — Process Discovery
- T1059.001 — PowerShell
- T1059.003 — Windows Command Shell
- T1069.002 — Domain Groups
- T1070.004 — File Deletion
- T1071.001 — Web Protocols
- T1071.002 — File Transfer Protocols
- T1082 — System Information Discovery
- T1090 — Proxy
- T1102 — Web Service
- T1105 — Ingress Tool Transfer
- T1106 — Native API
- T1113 — Screen Capture
- T1124 — System Time Discovery
- T1134.001 — Token Impersonation/Theft
- T1135 — Network Share Discovery
- T1482 — Domain Trust Discovery
- T1546.003 — Windows Management Instrumentation Event Subscription
- T1548.002 — Bypass User Account Control
- T1550.002 — Pass the Hash
- T1573.002 — Asymmetric Cryptography
- T1620 — Reflective Code Loading