SoupDealer Malware Bypasses Every Sandbox, AV's and EDR/XDR in Real-World Incidents

https://cybersecuritynews.com/soupdealer-malware-bypasses-every-sandbox/

8 Comments

In live incidents, SoupDealer bypassed host-based antivirus checks by confirming no security products were active before proceeding.

That's a pretty narrow victim demographic. Windows has Defender enabled out of the box. I don't see any investigation on the C2 connection, either, so I'm left wondering who the attacked and intended targets are.

And it downloads Tor to connect to C2. So it's a machine with Internet access AND without security measures.

So it might be a target with poor IT. A Windows machine shouldn't be left without AV, especially if it has Internet access.



Why would somebody only target machines in Turkey?

Greece has entered the chat

oh wait. yeah, look I'm not a smart man

I'm a smart man and I think your question still stands. Why shouldn't they get along like normal people. (Intentionally no question mark.)

Yikes 😬