SOFTWARE
SOFTWARE
A-B
C-D
E-F
G-H
I-J
K-L
M-N
O-P
Q-R
S-T
U-V
W-X
Melcoz
ID: S0530
ⓘ
Type: MALWARE
ⓘ
Platforms: Windows
Version: 1.0
Created: 10 November 2020
Last Modified: 22 December 2020
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1185 | Browser Session Hijacking |
Melcoz can monitor the victim's browser for online banking sessions and display an overlay window to manipulate the session in the background.[1] |
|
| Enterprise | T1115 | Clipboard Data | ||
| Enterprise | T1059 | Command and Scripting Interpreter |
Melcoz has been distributed through an AutoIt loader script.[1] |
|
| .005 | Visual Basic | |||
| Enterprise | T1555 | .003 | Credentials from Password Stores: Credentials from Web Browsers |
Melcoz has the ability to steal credentials from web browsers.[1] |
| Enterprise | T1565 | .002 | Data Manipulation: Transmitted Data Manipulation |
Melcoz can monitor the clipboard for cryptocurrency addresses and change the intended address to one controlled by the adversary.[1] |
| Enterprise | T1574 | .001 | Hijack Execution Flow: DLL Search Order Hijacking |
Melcoz can use DLL hijacking to bypass security controls.[1] |
| Enterprise | T1105 | Ingress Tool Transfer |
Melcoz has the ability to download additional files to a compromised host.[1] |
|
| Enterprise | T1027 | .002 | Obfuscated Files or Information: Software Packing | |
| Enterprise | T1566 | .002 | Phishing: Spearphishing Link |
Melcoz has been spread through malicious links embedded in e-mails.[1] |
| Enterprise | T1218 | .007 | Signed Binary Proxy Execution: Msiexec |
Melcoz can use MSI files with embedded VBScript for execution.[1] |
| Enterprise | T1204 | .001 | User Execution: Malicious Link |
Melcoz has gained execution through victims opening malicious links.[1] |
References
×