08-02-2023 07:45 AM
Hello dear LIVEcommunity!
Does anyone know if Cortex XDR Pro covers this attack?
RDStealer is a stealer that allows attackers to obtain the user's login credentials when trying to contact other machines, thus ensuring their persistence on the network by stealth.
Unpacking RDStealer: An Exfiltration Malware Targeting RDP Workloads (bitdefender.co.uk)
New 'RDStealer' Malware Targets RDP Connections - SecurityWeek
Researchers uncover novel RDStealer malware targeting remote desktop protocol | ITPro
08-02-2023 08:54 AM
Hi Tlmarques,
For coverage assessment requests, please open a TAC case.
08-02-2023 09:16 AM
Hi, we currently don't have any issues in our company. However, I would like to know if Cortex XDR provides protections against that specific attack.
Usually, when I open a case, the support team requests logs... and we don't have them for this situation. It's only a question about protections, etc., but alright, I will ask TAC.
Thanks
08-02-2023 09:23 AM
When you submit a coverage assessment request, TAC takes it to our research team; they know there are no logs to request.
08-04-2023 07:31 AM
TAC response:
From the key factors, the RDStealer could use:
- DLL hijacking
- Credential dumping
- The process msql/lsass
All is covered by Cortex