
Summary
The Halfbaked Command and Control Beacon detection rule identifies potential command and control (C2) activity associated with the Halfbaked malware family. The malware maintains persistence in compromised networks by communicating over HTTP and TLS, hiding its traffic among legitimate use of those protocols. The detection criteria analyze network traffic for unusual characteristics, particularly connections on ports commonly used for C2 communications (53, 80, 8080, and 443). The rule triggers when traffic matches predefined suspicious URL structures or uses unusual application-layer protocols. It provides investigation steps, outlining how to identify and analyze potential threats through network logs and endpoint correlation. It also includes guidance on handling false positives that can arise from legitimate network activity. The associated threat has been linked to FIN7 campaigns and is rated high risk because it can give an adversary control over targeted networks. Appropriate response actions include isolating affected systems, performing malware scans, blocking malicious IPs, and restoring from clean backups. The rule is at production maturity level, indicating its established effectiveness in detecting related threats.
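The following is an added example, not the detection rule's own query or code, showing how the criteria described above (TCP traffic to ports 53, 80, 8080 or 443, plus a suspicious URL structure or an unusual application-layer protocol) can be applied to network log lines during an investigation. The page does not disclose the rule's actual URL pattern, so SUSPICIOUS_URL here is an assumed placeholder that flags URLs whose host is a bare IPv4 literal on one of those ports; the "unusual protocol" check (HTTP on the DNS port, TLS on a plain-HTTP port) is likewise an assumption chosen to illustrate the idea. The JSON log lines and field names are constructed for the example.

```python
import json
import re
from collections import Counter

# Ports the rule summary names as commonly used for C2 communications.
C2_PORTS = {53, 80, 8080, 443}

# Assumption: the page only says "predefined suspicious URL structures". This
# placeholder pattern flags HTTP(S) URLs whose host is a bare IPv4 literal on
# one of the listed ports. It is NOT the detection rule's own pattern.
SUSPICIOUS_URL = re.compile(
    r"^https?://(?:\d{1,3}\.){3}\d{1,3}:(?:53|80|8080|443)/"
)


def is_beacon_candidate(event: dict) -> bool:
    """Apply the summary's criteria to one parsed network event.

    A match requires TCP to one of the C2 ports, and then either a URL that
    fits the (assumed) suspicious structure or an application-layer protocol
    that is unusual for that port.
    """
    if event.get("transport") != "tcp":
        return False
    port = event.get("dst_port")
    if port not in C2_PORTS:
        return False
    url = event.get("url", "")
    protocol = event.get("protocol", "")
    url_hit = bool(SUSPICIOUS_URL.match(url))
    # Assumed "unusual protocol" pairings: HTTP spoken on the DNS port, or TLS
    # on a port normally carrying plaintext HTTP.
    odd_protocol = (protocol == "http" and port == 53) or (
        protocol == "tls" and port in {80, 8080}
    )
    return url_hit or odd_protocol


def scan_log(lines) -> list:
    """Parse JSON log lines and return the events that match the criteria."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than aborting the scan
        if is_beacon_candidate(event):
            hits.append(event)
    return hits


def beacon_counts(hits) -> Counter:
    """Count matches per destination; repeated hits to one host suggest beaconing."""
    return Counter(event.get("dst", "?") for event in hits)


# Constructed sample log lines (not real traffic). Addresses are documentation ranges.
SAMPLE_LOG = """
{"ts":"2020-07-06T10:00:01Z","src":"10.0.0.5","dst":"203.0.113.10","dst_port":80,"transport":"tcp","protocol":"http","url":"http://203.0.113.10:80/update"}
{"ts":"2020-07-06T10:00:04Z","src":"10.0.0.5","dst":"198.51.100.7","dst_port":443,"transport":"tcp","protocol":"tls","url":"https://updates.example.com/"}
{"ts":"2020-07-06T10:05:02Z","src":"10.0.0.5","dst":"203.0.113.10","dst_port":53,"transport":"tcp","protocol":"http","url":"http://203.0.113.10:53/index"}
{"ts":"2020-07-06T10:05:09Z","src":"10.0.0.8","dst":"198.51.100.20","dst_port":8080,"transport":"tcp","protocol":"http","url":"http://proxy.example.net:8080/"}
{"ts":"2020-07-06T10:06:00Z","src":"10.0.0.8","dst":"198.51.100.53","dst_port":53,"transport":"udp","protocol":"dns","url":""}
this line is not json and is skipped
{"ts":"2020-07-06T10:07:30Z","src":"10.0.0.9","dst":"192.0.2.44","dst_port":80,"transport":"tcp","protocol":"tls","url":"https://cdn.example.org/"}
"""

if __name__ == "__main__":
    matches = scan_log(SAMPLE_LOG.splitlines())
    for event in matches:
        print(event["ts"], event["src"], "->", event["dst"], event["dst_port"], event["protocol"], event["url"])
    print("per-destination counts:", dict(beacon_counts(matches)))
```

Because the page lists the ports and protocols but not the URL structure, any real investigation should replace SUSPICIOUS_URL with the rule's actual pattern and then review the per-destination counts: a single IP-literal URL is a common false positive for internal tooling, whereas the same destination recurring at regular intervals is the beaconing behaviour the rule is meant to surface.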
Categories
- Network
- Cloud
- Endpoint
Data Sources
- Network Traffic
ATT&CK Techniques
- T1071
- T1568
- T1568.002
Created: 2020-07-06