Melcoz
Techniques Used

Domain | ID | | Name | Use
---|---|---|---|---
Enterprise | T1059 | .005 | Command and Scripting Interpreter: Visual Basic | Melcoz can use VBS scripts to execute malicious DLLs. (Citation: Securelist Brazilian Banking Malware July 2020)
Enterprise | T1059 | .010 | Command and Scripting Interpreter: AutoHotKey & AutoIT | Melcoz has been distributed through an AutoIt loader script. (Citation: Securelist Brazilian Banking Malware July 2020)
Enterprise | T1555 | .003 | Credentials from Password Stores: Credentials from Web Browsers | Melcoz has the ability to steal credentials from web browsers. (Citation: Securelist Brazilian Banking Malware July 2020)
Enterprise | T1565 | .002 | Data Manipulation: Transmitted Data Manipulation | Melcoz can monitor the clipboard for cryptocurrency addresses and change the intended address to one controlled by the adversary. (Citation: Securelist Brazilian Banking Malware July 2020)
Enterprise | T1574 | .001 | Hijack Execution Flow: DLL Search Order Hijacking | Melcoz can use DLL hijacking to bypass security controls. (Citation: Securelist Brazilian Banking Malware July 2020)
Enterprise | T1027 | .002 | Obfuscated Files or Information: Software Packing | Melcoz has been packed with VMProtect and Themida. (Citation: Securelist Brazilian Banking Malware July 2020)
Enterprise | T1566 | .002 | Phishing: Spearphishing Link | Melcoz has been spread through malicious links embedded in e-mails. (Citation: Securelist Brazilian Banking Malware July 2020)
Enterprise | T1218 | .007 | System Binary Proxy Execution: Msiexec | Melcoz can use MSI files with embedded VBScript for execution. (Citation: Securelist Brazilian Banking Malware July 2020)
Enterprise | T1204 | .001 | User Execution: Malicious Link | Melcoz has gained execution through victims opening malicious links. (Citation: Securelist Brazilian Banking Malware July 2020)