| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1555.003 | Credentials from Password Stores: Credentials from Web Browsers | Melcoz has the ability to steal credentials from web browsers.[1] |
| Enterprise | T1115 | Clipboard Data | |
| Enterprise | T1574.001 | Hijack Execution Flow: DLL Search Order Hijacking | Melcoz can use DLL hijacking to bypass security controls.[1] |
| Enterprise | T1059.005 | Command and Scripting Interpreter: Visual Basic | |
| Enterprise | T1059.010 | Command and Scripting Interpreter: AutoHotKey & AutoIT | Melcoz has been distributed through an AutoIt loader script.[1] |
| Enterprise | T1565.002 | Data Manipulation: Transmitted Data Manipulation | Melcoz can monitor the clipboard for cryptocurrency addresses and change the intended address to one controlled by the adversary.[1] |
| Enterprise | T1185 | Browser Session Hijacking | Melcoz can monitor the victim's browser for online banking sessions and display an overlay window to manipulate the session in the background.[1] |
| Enterprise | T1027.002 | Obfuscated Files or Information: Software Packing | |
| Enterprise | T1204.001 | User Execution: Malicious Link | Melcoz has gained execution through victims opening malicious links.[1] |
| Enterprise | T1218.007 | System Binary Proxy Execution: Msiexec | Melcoz can use MSI files with embedded VBScript for execution.[1] |
| Enterprise | T1105 | Ingress Tool Transfer | Melcoz has the ability to download additional files to a compromised host.[1] |
| Enterprise | T1566.002 | Phishing: Spearphishing Link | Melcoz has been spread through malicious links embedded in e-mails.[1] |