NoisyS0cks: Undocumented SOCKS5 Pivot Framework Giving Ransomware Affiliates a Foothold Inside Networks
ID: 24bf7bb5-0418-5a65-8046-af1aa1f7793a
STIX ID: report--24bf7bb5-0418-5a65-8046-af1aa1f7793a
Feed Name: WatchGuard Secplicity Blog
### Executive Summary This report analyzes "NoisyS0cks" (s0cks-noise-v1), a Golang pivot framework that establishes smux-multiplexed SOCKS5-style tunnels using KCP-over-UDP (DTLS obfuscation) or Noise-over-TCP (TLS obfuscation), persists as a fake TieringEngineService.exe and scheduled task, and is designed to enable lateral movement and multi-stream tunneling for follow-on activity; the analysis includes static/runtime findings, PCAP verification, IoCs (hashes, C2 67.217.228.51), and a YARA rule.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
