SoupDealer Malware Bypasses Every Sandbox, AV's and EDR/XDR in Real-World Incidents (cybersecuritynews.com)
from cm0002@piefed.world to cybersecurity@infosec.pub on 16 Aug 00:26
https://piefed.world/post/382974

#cybersecurity


salacious_coaster@infosec.pub on 16 Aug 00:48

Yikes 😬

SendMePhotos@lemmy.world on 16 Aug 00:57

[animated GIF]

frongt@lemmy.zip on 16 Aug 01:23

In live incidents, SoupDealer bypassed host‐based antivirus checks by confirming no security products were active before proceeding.

That’s a pretty narrow victim demographic. Windows has Defender enabled out of the box. I don’t see any investigation on the C2 connection, either, so I’m left wondering who the attacked and intended targets are.

Hirom@beehaw.org on 16 Aug 08:12

And it downloads Tor to connect to C2. So it’s a machine with Internet access AND without security measures.

So it might be a target with poor IT. A Windows machine shouldn’t be left without AV, especially if it has Internet access.

sad_detective_man@leminal.space on 16 Aug 05:34

Why would somebody only target machines in Turkey?

ButtermilkBiscuit@feddit.nl on 16 Aug 07:04

Greece has entered the chat

sad_detective_man@leminal.space on 16 Aug 07:06

oh wait. yeah, look I’m not a smart man

lurch@sh.itjust.works on 16 Aug 07:49

I’m a smart man and I think your question still stands. Why shouldn’t they get along like normal people. (Intentionally no question mark.)