Skip to content

Hide Navigation Hide TOC

Melcoz - S0530 (d3105fb5-c494-4fd1-a7be-414eab9e0c96)

Melcoz is a banking trojan family built from the open source tool Remote Access PC. Melcoz was first observed in attacks in Brazil and since 2018 has spread to Chile, Mexico, Spain, and Portugal.(Citation: Securelist Brazilian Banking Malware July 2020)

Cluster A Galaxy A Cluster B Galaxy B Level
Melcoz - S0530 (d3105fb5-c494-4fd1-a7be-414eab9e0c96) Malware Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 1
Melcoz - S0530 (d3105fb5-c494-4fd1-a7be-414eab9e0c96) Malware AutoHotKey & AutoIT - T1059.010 (3a32740a-11b0-4bcf-b0a9-3abd0f6d3cd5) Attack Pattern 1
Melcoz - S0530 (d3105fb5-c494-4fd1-a7be-414eab9e0c96) Malware Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 1
Melcoz - S0530 (d3105fb5-c494-4fd1-a7be-414eab9e0c96) Malware Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336) Attack Pattern 1
Melcoz - S0530 (d3105fb5-c494-4fd1-a7be-414eab9e0c96) Malware Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 1
Melcoz - S0530 (d3105fb5-c494-4fd1-a7be-414eab9e0c96) Malware Transmitted Data Manipulation - T1565.002 (d0613359-5781-4fd2-b5be-c269270be1f6) Attack Pattern 1
Melcoz - S0530 (d3105fb5-c494-4fd1-a7be-414eab9e0c96) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 1
Melcoz - S0530 (d3105fb5-c494-4fd1-a7be-414eab9e0c96) Malware Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 1
Melcoz - S0530 (d3105fb5-c494-4fd1-a7be-414eab9e0c96) Malware Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47) Attack Pattern 1
Melcoz - S0530 (d3105fb5-c494-4fd1-a7be-414eab9e0c96) Malware Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 1
Melcoz - S0530 (d3105fb5-c494-4fd1-a7be-414eab9e0c96) Malware DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 1
Melcoz - S0530 (d3105fb5-c494-4fd1-a7be-414eab9e0c96) Malware Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 1
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern AutoHotKey & AutoIT - T1059.010 (3a32740a-11b0-4bcf-b0a9-3abd0f6d3cd5) Attack Pattern 2
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336) Attack Pattern 2
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 2
Transmitted Data Manipulation - T1565.002 (d0613359-5781-4fd2-b5be-c269270be1f6) Attack Pattern Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) Attack Pattern 2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 2
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 2
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 2