Full Report
2025-02-20 • Infrawatch • Infrawatch Research Team • win.ghostsocks, win.lumma
Analysis Summary
The provided article description is minimal: it serves mainly as a citation and link placeholder for the Malpedia entry "GhostSocks - Lumma's Partner In Proxy", authored by the Infrawatch Research Team.
Based *only* on that context, the summary below focuses on the named tool, GhostSocks, and its stated association with Lumma.
# Tool/Technique: GhostSocks
## Overview
GhostSocks is described as a proxy tool that partners with the Lumma malware family. It is likely used to facilitate command and control (C2) communication or data exfiltration for Lumma by routing traffic through proxy mechanisms.
## Technical Details
- Type: Tool/Proxy Component (Associated with malware family Lumma)
- Platform: Windows (Inferred from Malpedia reference `win.ghostsocks`)
- Capabilities: Acts as a proxy mechanism, specifically in partnership with Lumma malware.
- First Seen: Not specified in the provided text (Date of article is 2025-02-20).
## MITRE ATT&CK Mapping
**Note:** Specific mappings are not provided in the context, but based on its description as a proxy tool used by malware, the following tactics and techniques are likely relevant:
- TA0011 - Command and Control
- T1090 - Proxy
- T1090.002 - Proxy: External Proxy Server (potential, depending on implementation)
## Functionality
### Core Capabilities
- Providing proxy capabilities to support the operations of the Lumma malware.
### Advanced Features
- No advanced features are specified in the provided context.
## Indicators of Compromise
- File Hashes: [Not available in context]
- File Names: [Not available in context]
- Registry Keys: [Not available in context]
- Network Indicators: [Not available in context, but associated with Lumma C2 infrastructure]
- Behavioral Indicators: [Not available in context, but likely related to SOCKS/HTTP proxy establishment]
## Associated Threat Actors
- Associated with operators using the Lumma malware family.
## Detection Methods
- [Not available in context]
## Mitigation Strategies
- [Not available in context]
## Related Tools/Techniques
- Lumma (Malware family)