
SoupDealer Malware Bypasses Every Sandbox, AV's and EDR/XDR in Real-World Incidents

27 likes

Submitted 1 day ago by cm0002@piefed.world to cybersecurity@infosec.pub

https://cybersecuritynews.com/soupdealer-malware-bypasses-every-sandbox/


Comments

  • frongt@lemmy.zip 1 day ago

    In live incidents, SoupDealer bypassed host-based antivirus checks by confirming no security products were active before proceeding.

    That’s a pretty narrow victim demographic. Windows has Defender enabled out of the box. I don’t see any investigation on the C2 connection, either, so I’m left wondering who the attacked and intended targets are.

    • Hirom@beehaw.org 19 hours ago

      And it downloads Tor to connect to C2. So it’s a machine with Internet access AND without security measures.

      So it might be a target with poor IT. A Windows machine shouldn’t be left without AV, especially if it has Internet access.

  • sad_detective_man@leminal.space 21 hours ago

    Why would somebody only target machines in Turkey?

    • ButtermilkBiscuit@feddit.nl 20 hours ago

      Greece has entered the chat

      • sad_detective_man@leminal.space 20 hours ago

        oh wait. yeah, look I’m not a smart man

  • salacious_coaster@infosec.pub 1 day ago

    Yikes 😬

  • SendMePhotos@lemmy.world 1 day ago

    [Image]
