topic RDPStealer Does Cortex XDR Pro cover this ? in Cortex XDR Discussions

RDPStealer Does Cortex XDR Pro cover this ?

tlmarques — Wed, 02 Aug 2023 14:45:56 GMT

Hello dear LIVEcommunity!

someone know if Cortex XDR pro cover this attack?

RDPStrealer is a stealer that allows attackers to obtain the user's login credentials when trying to contact other machines, thus ensuring their persistence on the network by stealth.

Unpacking RDStealer: An Exfiltration Malware Targeting RDP Workloads (bitdefender.co.uk)

New 'RDStealer' Malware Targets RDP Connections - SecurityWeek

Researchers uncover novel RDStealer malware targeting remote desktop protocol | ITPro

Re: RDPStealer Does Cortex XDR Pro cover this ?

afurze — Wed, 02 Aug 2023 15:54:58 GMT

Hi Tlmarques,

For coverage assessment requests, please open a TAC case.

Re: RDPStealer Does Cortex XDR Pro cover this ?

tlmarques — Wed, 02 Aug 2023 16:16:37 GMT

Hi, we currently don't have any issues in our company. However, I would like to know if Cortex XDR provides protections against that specific attack.

Usually, when I open a case, the support team requests logs...and we don't have them for this situation. It's only a question about protections, etc.... but alright, I will ask TAC.

Thnks

Re: RDPStealer Does Cortex XDR Pro cover this ?

afurze — Wed, 02 Aug 2023 16:23:07 GMT

When you submit a coverage assessment request, TAC takes it to our research team, they know there are no logs to request.

Re: RDPStealer Does Cortex XDR Pro cover this ?

tlmarques — Fri, 04 Aug 2023 14:31:07 GMT

TAC response:

From the key factors, the RDStealer could use:
- DLL hijacking
- Credential dumping
- The process msql/lsass

All is covered by Cortex