RDPStealer Does Cortex XDR Pro cover this ?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

RDPStealer Does Cortex XDR Pro cover this ?

L3 Networker

Hello dear LIVEcommunity!

 

someone know if Cortex XDR pro cover this attack?

RDPStrealer is a stealer that allows attackers to obtain the user's login credentials when trying to contact other machines, thus ensuring their persistence on the network by stealth.

 

Unpacking RDStealer: An Exfiltration Malware Targeting RDP Workloads (bitdefender.co.uk)

New 'RDStealer' Malware Targets RDP Connections - SecurityWeek

Researchers uncover novel RDStealer malware targeting remote desktop protocol | ITPro

Best regards
Tiago Marques
2 accepted solutions

Accepted Solutions

L4 Transporter

Hi Tlmarques,

 

For coverage assessment requests, please open a TAC case.

View solution in original post

When you submit a coverage assessment request, TAC takes it to our research team, they know there are no logs to request.

View solution in original post

4 REPLIES 4

L4 Transporter

Hi Tlmarques,

 

For coverage assessment requests, please open a TAC case.

Hi, we currently don't have any issues in our company. However, I would like to know if Cortex XDR provides protections against that specific attack.

Usually, when I open a case, the support team requests logs...and we don't have them for this situation. It's only a question about protections, etc.... but alright, I will ask TAC.

Thnks

Best regards
Tiago Marques

When you submit a coverage assessment request, TAC takes it to our research team, they know there are no logs to request.

L3 Networker

TAC response:

From the key factors, the RDStealer could use:

- DLL hijacking 
- Credential dumping
- The process msql/lsass 

All is covered by Cortex

Best regards
Tiago Marques
  • 2 accepted solutions
  • 1502 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!