PROXY.AM Powered by Socks5Systemz Botnet

Dec. 4, 2024, 10:26 a.m.

Description

The Socks5Systemz botnet, active since 2013, has operated under the radar by integrating with other malware as a SOCKS5 proxy module. It has recently grown to 250,000 compromised systems globally. The botnet powers PROXY.AM, a service that sells proxy exit nodes used for criminal activity. Originally sold as standalone malware, Socks5Systemz was later adapted for distribution through Andromeda, Smokeloader, and Trickbot. The botnet's size fluctuates, with recent estimates ranging from 85,000 to 100,000 daily active bots. PROXY.AM, registered in 2016, advertises 'elite, private and anonymous proxies' for various purposes, including account brute-forcing. The malware has received recent updates, including new infrastructure and new obfuscation techniques.

Date

Published: Dec. 4, 2024, 10:17 a.m.

Created: Dec. 4, 2024, 10:17 a.m.

Modified: Dec. 4, 2024, 10:26 a.m.

Indicators


Attack Patterns

TSPY_TRICKLOAD

Socks5Systemz

Amadey - S1025

Totbrick

TrickBot - S0266

ANDROMEDA - S1074

SmokeLoader

PrivateLoader

T1568

T1571

T1497

T1573

T1082

T1102

T1132

T1027

T1584

T1090

Additional Information

British Indian Ocean Territory

Algeria

India

Indonesia

Mexico

Pakistan

Ukraine

Brazil

Russian Federation