SYMBOLCOMMON_NAMEaka. SYNONYMS
win.babymetal (Back to overview)

BABYMETAL

Actor(s): Anunak


BABYMETAL is a command line network tunnel utility based on the TinyMet Meterpreter tool, primarily used to execute Meterpreter reverse shell payloads.

References
2018-10-01FireEyeRegina Elwell, Katie Nickels
@techreport{elwell:20181001:attcking:3c6d888, author = {Regina Elwell and Katie Nickels}, title = {{ATT&CKing FIN7}}, date = {2018-10-01}, institution = {FireEye}, url = {https://summit.fireeye.com/content/dam/fireeye-www/summit/cds-2018/presentations/cds18-technical-s05-att&cking-fin7.pdf}, language = {English}, urldate = {2020-06-25} } ATT&CKing FIN7
Bateleur BELLHOP Griffon ANTAK POWERPIPE POWERSOURCE HALFBAKED BABYMETAL Carbanak Cobalt Strike DNSMessenger DRIFTPIN PILLOWMINT SocksBot
2018-08-01FireEyeNick Carr, Kimberly Goody, Steve Miller, Barry Vengerik
@online{carr:20180801:hunt:0fe0e15, author = {Nick Carr and Kimberly Goody and Steve Miller and Barry Vengerik}, title = {{On the Hunt for FIN7: Pursuing an Enigmatic and Evasive Global Criminal Operation}}, date = {2018-08-01}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html}, language = {English}, urldate = {2019-12-20} } On the Hunt for FIN7: Pursuing an Enigmatic and Evasive Global Criminal Operation
BELLHOP POWERPIPE BABYMETAL SocksBot Anunak
2016-01-12FireEyeJohn Miller, Barry Vengerik
@online{miller:20160112:magnificent:2aeb339, author = {John Miller and Barry Vengerik}, title = {{The Magnificent FIN7: Revealing a Cybercriminal Threat Group}}, date = {2016-01-12}, organization = {FireEye}, url = {https://www.infosecurityeurope.com/__novadocuments/367989?v=636338290033030000}, language = {English}, urldate = {2019-11-21} } The Magnificent FIN7: Revealing a Cybercriminal Threat Group
BABYMETAL

There is no Yara-Signature yet.