SoupDealer Malware Bypasses Every Sandbox, AV's and EDR/XDR in Real-World Incidents

⁨33⁩ ⁨likes⁩

Submitted ⁨⁨3⁩ ⁨weeks⁩ ago⁩ by ⁨cm0002@piefed.world⁩ to ⁨cybersecurity@infosec.pub⁩

https://cybersecuritynews.com/soupdealer-malware-bypasses-every-sandbox/

Comments

Sort:hotnew top

frongt@lemmy.zip ⁨3⁩ ⁨weeks⁩ ago

In live incidents, SoupDealer bypassed host‐based antivirus checks by confirming no security products were active before proceeding.

That’s a pretty narrow victim demographic. Windows has Defender enabled out of the box. I don’t see any investigation on the C2 connection, either, so I’m left wondering who the attacked and intended targets are.

source
- Hirom@beehaw.org ⁨3⁩ ⁨weeks⁩ ago
  And it downloads Tor to connect to C2. So it’s a machine with Internet access AND without security mesures.
  
  So it might be a target with poor IT. A windows machine shouldn’t be left without AV, especially if it has Internet access.
  
  source
sad_detective_man@leminal.space ⁨3⁩ ⁨weeks⁩ ago
Why would somebody only target machines in Turkey?

source
- ButtermilkBiscuit@feddit.nl ⁨3⁩ ⁨weeks⁩ ago
  Greece has entered the chat
  
  source
  - sad_detective_man@leminal.space ⁨3⁩ ⁨weeks⁩ ago
    oh wait. yeah, look I’m not a smart man
    
    source
    -> View More Comments
salacious_coaster@infosec.pub ⁨3⁩ ⁨weeks⁩ ago
Yikes 😬

source
SendMePhotos@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
Image

source