Melcoz - S0530 (d3105fb5-c494-4fd1-a7be-414eab9e0c96)

Melcoz is a banking trojan family built from the open source tool Remote Access PC. Melcoz was first observed in attacks in Brazil and since 2018 has spread to Chile, Mexico, Spain, and Portugal.(Citation: Securelist Brazilian Banking Malware July 2020)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336)	Attack Pattern	Melcoz - S0530 (d3105fb5-c494-4fd1-a7be-414eab9e0c96)	Malware	1
Melcoz - S0530 (d3105fb5-c494-4fd1-a7be-414eab9e0c96)	Malware	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	1
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	Melcoz - S0530 (d3105fb5-c494-4fd1-a7be-414eab9e0c96)	Malware	1
AutoHotKey & AutoIT - T1059.010 (3a32740a-11b0-4bcf-b0a9-3abd0f6d3cd5)	Attack Pattern	Melcoz - S0530 (d3105fb5-c494-4fd1-a7be-414eab9e0c96)	Malware	1
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Melcoz - S0530 (d3105fb5-c494-4fd1-a7be-414eab9e0c96)	Malware	1
Melcoz - S0530 (d3105fb5-c494-4fd1-a7be-414eab9e0c96)	Malware	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	1
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	Melcoz - S0530 (d3105fb5-c494-4fd1-a7be-414eab9e0c96)	Malware	1
Transmitted Data Manipulation - T1565.002 (d0613359-5781-4fd2-b5be-c269270be1f6)	Attack Pattern	Melcoz - S0530 (d3105fb5-c494-4fd1-a7be-414eab9e0c96)	Malware	1
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	Melcoz - S0530 (d3105fb5-c494-4fd1-a7be-414eab9e0c96)	Malware	1
Melcoz - S0530 (d3105fb5-c494-4fd1-a7be-414eab9e0c96)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	1
Melcoz - S0530 (d3105fb5-c494-4fd1-a7be-414eab9e0c96)	Malware	Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	1
Melcoz - S0530 (d3105fb5-c494-4fd1-a7be-414eab9e0c96)	Malware	Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47)	Attack Pattern	1
Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	2
AutoHotKey & AutoIT - T1059.010 (3a32740a-11b0-4bcf-b0a9-3abd0f6d3cd5)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	2
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	2
Transmitted Data Manipulation - T1565.002 (d0613359-5781-4fd2-b5be-c269270be1f6)	Attack Pattern	Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931)	Attack Pattern	2
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	2