Malware

Anyproxy

Anyproxy is identified in the provided content as a cybercriminal service associated with a botnet that was dismantled during Operation Moonlander. It is mentioned alongside 5socks and other botnet-backed criminal services that have faced law-enforcement scrutiny since 2021. The content directly states that Operation Moonlander dismantled the botnet behind the Anyproxy and 5socks services. No additional high-confidence technical details about Anyproxy’s malware family, infection chain, capabilities, targeted platforms, victimology, associated threat actor, or indicators of compromise are provided in the supplied material.

For your environment

Hunt this family in your stack

Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.

Start free trial

MITRE ATT&CK

Techniques & procedures

1 distinct technique documented for this family, organized by ATT&CK tactic.

Command and Control

1 technique

T1090.003Multi-hop ProxyEvidence1

One of the techniques used is setting up proxy servers on infected systems to tunnel traffic outside the enterprise to the infected hosts using tools such as Stowaway ... UAT-8302 may use other tools such as anyproxy to set up proxies within the infected enterprise’s network

INDICATORS OF COMPROMISE

IOCs tracked for this family

1 indicator attributed across vendor reports, sandbox runs, and researcher write-ups. Full values are available in Mallory.

View more in app

Hashes

1 tracked

File hashes (MD5, SHA-1, SHA-256) from samples and reports.

TypeValueLatest sighting

hash.sha256●●●●●●●●●●●●View more in app2 months ago

ACTIVITY FEED

Recent activity

3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

3 SOURCESView more in app

the record mediaNews

Mar 20, 2026

US seizes domains and infrastructure used in sprawling botnet campaigns | The Record from Recorded Future News

Named as a botnet that has faced law enforcement scrutiny since 2021.

the record mediaNews

Mar 12, 2026

US, Europol disrupt SocksEscort network that exploited thousands of residential routers | The Record from Recorded Future News

Referenced as a proxy/botnet service that has faced law enforcement scrutiny since 2021.

securityaffairsNews

May 11, 2025

Security Affairs newsletter Round 523 by Pierluigi Paganini – INTERNATIONAL EDITION

Botnet/service referenced as being dismantled in Operation Moonlander.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets match these IOCs, which detections are missing, which campaigns to expect next, and what to do in the next 30 minutes.

Start free trial

IOC matching1

Match every observed IP, domain, and hash against your live telemetry.

Threat actor attribution

Named campaigns wielding this family, with evidence pinned to each claim.

Exploited vulnerabilities

CVEs this family uses for access and lateral movement.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

MITRE ATT&CK mapping1

Every documented technique, ranked by evidence weight.

Researcher chatter

Reddit, Mastodon, and CTI community discussion around this family.