[Intel]: https://blog.exatrack.com/melofee/

[timb-machine]

Area

Malware reports

Parent threat

Reconnaissance, Resource Development, Execution, Persistence, Privilege Escalation, Defense Evasion, Discovery, Command and Control

Finding

https://blog.exatrack.com/melofee/

Industry reference

attack:T1583.001:Domains
attack:T5183.004:Server
attack:T1071.001:Web Protocols
attack:T1587.001:Malware
attack:T1037.004:RC Scripts
attack:T1059.004:Unix Shell
attack:T1132.002:Non-Standard Encoding
attack:T1573.001:Symmetric Cryptography
attack:T1083:File and Directory Discovery
attack:T1592.002:Software
attack:T1564.001:Hidden Files and Directories
attack:T1562.003:Impair Command History Logging
attack:T1070.004:File Deletion
attack:T1599.001:Network Address Translation Traversal
attack:T1095:Non-Application Layer Protocol
attack:T1571:Non-Standard Port
attack:T1027.002:Software Packing
attack:T1027.007:Dynamic API Resolution
attack:T1588.001:Malware
attack:T1588.002:Tool
attack:T1057:Process Discovery
attack:T1572:Protocol Tunneling
attack:T1090:Proxy
attack:T1014:Rootkit
attack:T1608.001:Upload Malware
attack:T1608.002:Upload Tool
attack:T1082:System Information Discovery
attack:T1497.003:Time Based Evasion

Malware reference

Melofee
HelloBot

Actor reference

No response

Component

Linux

Scenario

No response