Immediately isolate any workstation where this file is discovered from the rest of the network [2].
Historically linked to ransomware affiliates (such as those deploying Ryuk or Conti) who use it for lateral movement and command-and-control (C2) communication [4, 6].

Typical Behavior

socksonly.7z typically contains a Windows executable (e.g., socks.exe or service.exe) that functions as the SystemBC malware [2, 5].
It communicates with hardcoded IP addresses or domains using a custom binary protocol to receive instructions from the attacker [3, 6].

Security Recommendations