Anti-Malware Research Whitepapers

Fin8 Group is Back in Business with Improved BADHATCH Kit

Bitdefender researchers have uncovered new versions of the BADHATCH backdoor used by the FIN8 threat actor to compromise companies in insurance, retail, technology, and chemical industries in the United States, Canada, South Africa, Puerto Rico, Panama, and Italy.

This new research describes the technical capabilities of a constantly-evolving threat actor and outlines the differences between the three BADHATCH versions.


Like most persistent and skilled cyber-crime actors, FIN8 operators are constantly refining their tools and tactics to avoid detection. Bitdefender recommends that merchants take the following actions to minimize the impact of financial malware:

  • Separate the POS network from the ones used by employees or guests
    Introduce cybersecurity awareness training for employees to help them spot phishing e-mails.
  • Integrate threat intelligence into existing SIEM or security controls for relevant Indicators of Compromise.
  • Small and medium organizations without a dedicated security team should consider outsourcing security operations to Managed Detection and Response providers.

Indicators of Compromise

An up-to-date and complete list of indicators of compromise is available to Bitdefender Advanced Threat Intelligence users. The currently known indicators of compromise can be found in the whitepaper below.

Download the research whitepaper here

About the author

Victor Vrabie

Victor Vrabie

Victor VRABIE is a security researcher at Bitdefender and he's based Iasi, Romania. Focusing on malware research, advanced persistent threats, and cybercrime investigations, he's also a graduate of Computer Sciences.

About the author



Bogdan Botezatu is living his second childhood at Bitdefender as director of threat research. When he is not documenting sophisticated strains of malware or planning removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.

Add Comment

Click here to post a comment