Rule Info
Name
SOCKS Proxy Tunneling Invocation
Author
Swachchhanda Shrawan Poudel (Nextron Systems)
Description
Detects processes that invoke SOCKS proxy tunneling via command-line arguments. Threat actors abuse SOCKS-capable tools such as chisel, revsocks, or custom SSH tunnelers to establish covert C2 channels or bypass network controls.
Date
2026-06-23 00:00:00
Modified
None
Id
b7d4f8e1-3a9c-4b2e-8f5d-6c1a0e9b3f7a
Tags
attack.command-and-control attack.t1572 attack.t1090.001
Type
Nextron Sigma feed only (private)
