PULSE NAME
AVrecon Malware-Infected Routers Exploited as Residential Proxies by SocksEscort
WHITE PetrP.73 2026-04-04 Modified: 2026-05-04
AVrecon malware has been identified as a significant threat targeting routers and Internet of Things (IoT) devices worldwide, with operations affecting approximately 163 countries, including the United States. The malware allows threat actors, particularly those associated with the SocksEscort service, to compromise routers, install AVrecon, and then sell access to these devices as residential proxies. The service is reported to have compromised around 369,000 devices since its inception in 2020. The FBI, in collaboration with various global law enforcement agencies, has recently initiated actions against SocksEscort, leading to its takedown.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
AVrecon
Indicators of Compromise (57)