Dridex Banking Trojan

Mady
Level 4

Hello,

Does Firepower have the capability to mitigate the Dridex banking trojan with AtomBombing code injection ability?

http://thehackernews.com/2017/03/dridex-atombombing-malware.html

Regards,

Mady

3 Replies

Dennis Perto
Level 5

Firepower can stop the file transfer if the file is known at that point in time. If the flow is encrypted, you are out of luck.

You should take a look at AMP for Endpoint for your clients and servers instead of a network device. :)

Hi Dennis,

Thanks for your reply. We also have AMP for Endpoints, and on the AMP console it only showed Dridex version 2. Does this mean that Dridex version 4 is not yet known?

Thanks,

Mady

AMP for Endpoint does not use signatures by default. It uses the SHA256 value to ask the cloud if the file is good or bad. 
If the file has been in the Threatgrid sandbox I'm sure that it is a known bad. :)