In live incidents, SoupDealer bypassed host‐based antivirus checks by confirming no security products were active before proceeding.
That’s a pretty narrow victim demographic. Windows has Defender enabled out of the box. I don’t see any investigation on the C2 connection, either, so I’m left wondering who the attacked and intended targets are.
And it downloads Tor to connect to C2. So it’s a machine with Internet access AND without security measures.
So it might be a target with poor IT. A Windows machine shouldn’t be left without AV, especially if it has Internet access.
Why would somebody only target machines in Turkey?
@sad_detective_man @cm0002 Turkey is also somehow a border of NATO - that can also be a key.
Greece has entered the chat
Oh wait. Yeah, look, I’m not a smart man.
I’m a smart man and I think your question still stands. Why shouldn’t they get along like normal people. (Intentionally no question mark.)
Yikes 😬