Socksbot

Socksbot is a backdoor that abuses Socket Secure (SOCKS) proxies.[1]

ID: S0273
Type: MALWARE
Platforms: Windows

Version: 1.0

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1090 | Connection Proxy | Socksbot can start SOCKS proxy threads.[1] |
| Enterprise | T1086 | PowerShell | Socksbot can write and execute PowerShell scripts.[1] |
| Enterprise | T1057 | Process Discovery | Socksbot can list all running processes.[1] |
| Enterprise | T1055 | Process Injection | Socksbot creates a suspended svchost process and injects its DLL into it.[1] |
| Enterprise | T1113 | Screen Capture | Socksbot can take screenshots.[1] |

Groups

Groups that use this software:

Patchwork

References