In live incidents, SoupDealer bypassed host-based antivirus checks by confirming no security products were active before proceeding.
That’s a pretty narrow victim demographic. Windows has Defender enabled out of the box. I don’t see any investigation on the C2 connection, either, so I’m left wondering who the attacked and intended targets are.
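Added example (not from the linked article, and not SoupDealer's own code): the "are any security products active?" check described above is normally answered from the Security Center registration, so this PowerShell script shows what that check sees on a given host, which is also how an admin can audit whether a box really has no AV. The meaning of the `productState` bits (0x1000 = real-time protection on, 0x10 = signatures out of date) is a widely used but undocumented convention, so it is an assumption here; `Get-MpComputerStatus` gives the authoritative answer for Defender.

```powershell
# Added example: enumerate AV products the way a "no AV present?" check would see them.
# root/SecurityCenter2 exists only on client SKUs (Windows 10/11); servers return nothing.

function Get-AvStatus {
    $products = Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct `
        -ErrorAction SilentlyContinue
    foreach ($p in $products) {
        [pscustomobject]@{
            Name        = $p.displayName
            # Assumed bit layout (undocumented convention): 0x1000 set => real-time protection enabled
            Enabled     = (($p.productState -band 0x1000) -ne 0)
            # 0x10 set => definitions out of date
            SigsCurrent = (($p.productState -band 0x10) -eq 0)
            RawState    = ('0x{0:X}' -f $p.productState)
            Path        = $p.pathToSignedProductExe
        }
    }
}

$avs = @(Get-AvStatus)
$active = @($avs | Where-Object { $_.Enabled })

if ($active.Count -eq 0) {
    # This is the state the malware is looking for: nothing registered, or everything disabled.
    Write-Warning 'No active AV registered in Security Center on this host.'
} else {
    $active | Format-Table -AutoSize
}

# Defender-specific view, independent of the Security Center registration
# (AntivirusEnabled/RealTimeProtectionEnabled are the documented fields).
Get-MpComputerStatus |
    Select-Object AntivirusEnabled, RealTimeProtectionEnabled, AntivirusSignatureLastUpdated
```

A fresh Windows 10/11 install lists "Windows Defender" here with the enabled bit set, which is why the narrow-victim observation in the comment above holds: the check only passes on hosts where Defender was turned off or replaced by a product that never registered.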
And it downloads Tor to connect to C2. So it’s a machine with Internet access AND without security measures.
So it might be a target with poor IT. A Windows machine shouldn’t be left without AV, especially if it has Internet access.
Why would somebody only target machines in Turkey?
Greece has entered the chat
Oh wait. Yeah, look, I’m not a smart man.
I’m a smart man and I think your question still stands. Why shouldn’t they get along like normal people. (Intentionally no question mark.)
@sad_detective_man @cm0002 Turkey is also, somehow, a border of NATO - that can also be a key.
Yikes 😬