PROXY.AM Powered by Socks5Systemz Botnet

SUMMARY :

The Socks5Systemz botnet, active since 2013, has been operating under the radar by integrating with other malware as a SOCK5 proxy module. Recently, it has grown to 250,000 compromised systems globally. The botnet powers PROXY.AM, a service providing proxy exit nodes for criminal activities. Originally sold as standalone malware, Socks5Systemz was adapted for use in Andromeda, Smokeloader, and Trickbot. The botnet's size fluctuates, with recent estimates ranging from 85,000 to 100,000 daily active bots. PROXY.AM, registered in 2016, offers 'elite, private and anonymous proxies' for various purposes, including account brute-forcing. The malware has undergone recent updates, including new infrastructure and obfuscation techniques.

OPENCTI LABELS :

botnet,proxy,socks5systemz,socks5


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


PROXY.AM Powered by Socks5Systemz Botnet