Turtle's Enhanced Realworld Tests (updated)
<blockquote data-quote="ShenguiTurmi" data-source="post: 1026903" data-attributes="member: 99409">
<p>This is the test I did on a Chinese security forum from January 18-23, and I'm carrying it over so that more people can see it.</p>
<p></p>
<p>In 2020 we tested mainstream security software using the Empire framework (not carried over; I'm just paraphrasing the original), and some of them were able to defend well, while others failed miserably.</p>
<p>Now, almost three years later, we are going to do it again, this time using the more advanced and popular CobaltStrike framework.</p>
<p></p>
<p>Our test will do the following:</p>
<p>1. Download the payload to the local machine</p>
<p>2. Start the payload (it may have a loader)</p>
<p>3. The payload establishes a C2 connection (the target server is a public cloud server)</p>
<p>4. The target machine comes online</p>
<p>5. Screenshot the target machine and send it to the CobaltStrike teamserver</p>
<p>6. The teamserver sends a command to obtain a txt file on the C drive (simulated data theft)</p>
<p>If the security software blocks any step of the following process in any way (including static scanning, BB, firewall blocking C2, etc.), the defense is considered successful; only when all steps are executed and still no action is taken is it considered a failure.</p>
<p></p>
<p>This time we prepared 10 samples for testing purposes, all using the CobaltStrike framework.</p>
<p>Sample 1: CobaltStrike HTA (VBA) Payload, which will call VBA to run the Payload after execution.</p>
<p>Sample 2: CobaltStrike PowerShell Payload, built using the self-contained phishing function, with no file landing.</p>
<p>Sample 3: CobaltStrike Bitsadmin Payload, built with its own phishing function; after running, it uses Bitsadmin to download the malicious Payload and combine it into an exe.</p>
<p>Sample 4: CobaltStrike StageLess EXE, the most basic form of CS backdoor, to examine the strength of security software features.</p>
<p>Sample 5: The sample 4 EXE with Themida protection added, to examine whether the detection capabilities of security software will be affected by protection.</p>
<p>Sample 6: Payload loaded by a NIM-generated loader on top of the CobaltStrike C Payload, injected into notepad to launch the Payload.</p>
<p>Sample 7: Payload loaded by a NIM-generated loader on top of the CobaltStrike C Payload, using 3DES encryption.</p>
<p>Sample 8: Payload loaded by a Veil-generated Go language loader on top of the CobaltStrike PowerShell Payload.</p>
<p>Sample 9: Payload loaded by a Veil-generated Python language loader on top of the CobaltStrike PowerShell Payload, using DES encryption.</p>
<p>Sample 10: Payload loaded by the Go language loader provided by TideSec on top of the CobaltStrike C language Payload, using XOR encryption.</p>
<p></p>
<p>Although I am now the only one involved in the test on MalwareTips, it is right to leave their names here:</p>
<p>Kafan Malware Test Group: @ShenguiTurmi</p>
<p>Kafan BangBangTuan: @隔山打空气 @呵呵大神001</p>
<p>Participants without a team: @東雪蓮Official</p>
<p></p>
<p>Because the workload of carrying screenshots one by one from other forums is a bit too much, I will first publish the test results; if you want to see the test screenshots for a particular security software, please reply to tell me and I will carry the screenshots over.</p>
<p></p>
<p>Test results:</p>
<p></p>
<p>Huorong 🇨🇳:</p>
<p>√ × √ √ √ √ √ √ √ √</p>
<p>Failed(9/10)</p>
<p></p>
<p>Tencent PC Manager (China TAV ver., not BD engine global ver.) 🇨🇳:</p>
<p>√ × √ √ × × × √ × ×</p>
<p>Failed(4/10)</p>
<p></p>
<p>Qihoo 360 (China ver., not 360TS) 🇨🇳:</p>
<p>√ √ √ √ × √ √ × × √</p>
<p>Failed(7/10)</p>
<p></p>
<p>WiseVector StopX 🇨🇳:</p>
<p>√ √ √ √ √ √ √ √ √ √</p>
<p>Approved</p>
<p></p>
<p>Kingsoft Duba (China ver., not Kingsoft IS Pro) 🇨🇳:</p>
<p>√ √ √ × × × × × √ ×</p>
<p>Failed(4/10)</p>
<p></p>
<p>Qi-AnXin TianShou 🇨🇳:</p>
<p>√ √ √ √ √ √ √ √ √ √</p>
<p>Approved</p>
<p></p>
<p>Rising V17 🇨🇳:</p>
<p>√ × √ √ × × × √ × ×</p>
<p>Failed(4/10)</p>
<p></p>
<p>HitmanPro.Alert 🇳🇱:</p>
<p>√ √ √ √ √ √ √ √ √ √</p>
<p>Approved</p>
<p></p>
<p>Microsoft Defender 🇺🇸:</p>
<p>√ × √ √ √ × × √ √ ×</p>
<p>Failed(6/10)</p>
<p></p>
<p>Avast One 🇨🇿:</p>
<p>√ √ √ √ √ √ √ √ √ √</p>
<p>Approved</p>
<p></p>
<p>Heimdal 🇩🇰:</p>
<p>× × √ √ √ √ √ √ √ √</p>
<p>Failed(8/10)</p>
<p></p>
<p>F-Secure 🇫🇮:</p>
<p>√ √ √ √ √ √ √ √ √ √</p>
<p>Approved</p>
<p></p>
<p>Norton 360 🇺🇸:</p>
<p>√ √ √ √ √ √ √ √ √ √</p>
<p>Approved</p>
<p></p>
<p>Ikarus 🇦🇹:</p>
<p>√ × √ √ × √ √ √ × √</p>
<p>Failed(7/10)</p>
<p></p>
<p>Kaspersky IS 🇷🇺:</p>
<p>√ √ √ √ √ √ √ √ √ √</p>
<p>Approved</p>
<p></p>
<p>Avira 🇩🇪:</p>
<p>√ √ √ √ √ √ √ √ √ √</p>
<p>Approved</p>
<p></p>
<p>Bitdefender 🇷🇴:</p>
<p>√ √ √ √ √ √ √ √ √ √</p>
<p>Approved</p>
<p></p>
<p>AhnLab V3 Lite 🇰🇷:</p>
<p>√ √ √ √ √ √ √ √ √ √</p>
<p>Approved</p>
<p></p>
<p>McAfee 🇺🇸:</p>
<p>√ √ √ √ √ × × √ √ ×</p>
<p>Failed(7/10)</p>
<p></p>
<p>Malwarebytes 🇺🇸:</p>
<p>√ × √ √ √ √ √ √ √ √</p>
<p>Failed(9/10)</p>
<p></p>
<p>Panda Dome 🇪🇸:</p>
<p>× × √ × × × × × × ×</p>
<p>Failed(1/10)</p>
<p></p>
<p>TrendMicro 🇺🇸:</p>
<p>√ √ √ √ √ × √ √ √ √</p>
<p>Failed(9/10)</p>
<p></p>
<p>ESET 🇸🇰:</p>
<p>√ √ √ √ √ √ √ √ √ √</p>
<p>Approved</p>
<p></p>
<p>QuickHeal 🇮🇳:</p>
<p>√ × √ √ × × × × × ×</p>
<p>Failed(3/10)</p>
<p></p>
<p>Webroot 🇺🇸:</p>
<p>× × √ √ × × × √ × ×</p>
<p>Failed(3/10)</p>
<p></p>
<p>ZoneAlarm Next-Gen 🇮🇱:</p>
<p>√ × √ √ √ √ √ √ √ ×</p>
<p>Failed(8/10)</p>
<p></p>
<p>Acronis 🇸🇬:</p>
<p>√ √ √ √ √ √ √ √ √ √</p>
<p>Approved</p>
<p></p>
<p>Cisco Immunet 🇺🇸:</p>
<p>× × × × × × × × × ×</p>
<p>Failed</p>
<p></p>
<p>Vibranium 🇮🇳:</p>
<p>× × √ √ √ √ √ √ √ ×</p>
<p>Failed(7/10)</p>
<p></p>
<p>Drweb AVDesk 🇷🇺:</p>
<p>√ √ √ √ √ √ √ √ √ √</p>
<p>Approved</p>
<p></p>
<p>K7 🇮🇳:</p>
<p>√ × √ √ √ √ √ √ √ √</p>
<p>Failed(9/10)</p>
<p></p>
<p>GDATA 🇩🇪:</p>
<p>√ √ √ √ √ √ √ √ √ √</p>
<p>Approved</p>
<p></p>
<p>Emsisoft 🇳🇿:</p>
<p>√ × √ √ √ √ √ √ √ √</p>
<p>Failed(9/10)</p>
<p></p>
<p>VIPRE 🇺🇸:</p>
<p>√ √ √ √ × √ √ √ √ √</p>
<p>Failed(9/10)</p>
<p></p>
<p>TotalDefense 🇺🇸:</p>
<p>√ √ √ √ × √ √ √ √ √</p>
<p>Failed(9/10)</p>
<p></p>
<p>eScan 🇮🇳:</p>
<p>√ × √ √ √ √ √ √ √ √</p>
<p>Failed(9/10)</p>
<p></p>
<p>Adaware Free 🇩🇪:</p>
<p>√ × √ √ × √ √ √ √ √</p>
<p>Failed(8/10)</p>
<p></p>
<p>Comodo IS Pro 🇺🇸:</p>
<p>? × ? ? ? ? ? ? ? ?</p>
<p>Failed(9/10)</p>
<p>NOTE: Comodo did not detect any malicious behavior from start to finish, and the testing process was carried out completely, but Comodo automatically put 9 samples in a sandbox to run, so no screenshots or files of the real system were stolen (except for sample 2).</p>
<p></p>
<p>Watchdog Anti-Malware 🇺🇸:</p>
<p>× × × × × × × × × ×</p>
<p>Failed</p>
<p></p>
<p>Zemana Anti-Malware 🇧🇬:</p>
<p>× × × × √ × × × × ×</p>
<p>Failed(1/10)</p>
<p></p>
<p>Zillya 🇺🇦:</p>
<p>× × × × × × × × × ×</p>
<p>Failed</p>
<p></p>
<p>Protegent 🇮🇳:</p>
<p>× × √ × × × × × × ×</p>
<p>Failed(1/10)</p>
<p></p>
<p>Bkav Free 🇻🇳:</p>
<p>× × × × × × × × × ×</p>
<p>Failed</p>
<p>NOTE: During testing, I found that the Bkav Free database has not been updated for a long time, and I'm not sure if they still maintain the free version.</p>
<p></p>
<p>MaxSecure 🇮🇳:</p>
<p>× × √ √ √ √ √ √ √ ×</p>
<p>Failed(7/10)</p>
<p></p>
<p>Catchpulse Lite 🇸🇬:</p>
<p>√ √ √ √ √ √ √ √ √ √</p>
<p>Failed(FP)</p>
<p>NOTE: Catchpulse prevented the full attack, but it flagged some normal files in my VM as false positives, which shouldn't have happened, so I counted it as a failure.</p>
<p></p>
<p>Source test link (Chinese; login may be required to show the screenshots): <a href="https://bbs.kafan.cn/thread-2250429-1-1.html" target="_blank">[Malware Test Group x BangBangTuan] What happens if the methods used to attack enterprises are used against personal security software? Part 3 - Foreign Antivirus - Security Zone - Kafan Forum - Mutual help and sharing - Generous and modest!</a></p>
</blockquote>