03-01-2017 06:08 PM - edited 02-20-2020 09:03 PM
Hello,
Does Firepower have the capability to mitigate the Dridex banking trojan with AtomBombing code injection ability?
http://thehackernews.com/2017/03/dridex-atombombing-malware.html
Regards,
Mady
03-02-2017 12:56 PM
Firepower can stop the file transfer if the file is known at that point in time. If the flow is encrypted, you are out of luck.
You should take a look at AMP for Endpoint for your clients and servers instead of a network device. :)
03-02-2017 04:51 PM
Hi Dennis,
Thanks for your reply. We also have AMP for Endpoints, and on the AMP console it only showed Dridex version 2. Does this mean that Dridex version 4 is not yet known?
Thanks,
Mady
03-02-2017 09:20 PM
AMP for Endpoint does not use signatures by default. It uses the SHA256 value to ask the cloud if the file is good or bad.
If the file has been in the Threatgrid sandbox I'm sure that it is a known bad. :)
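The exchange above turns on exact-hash reputation, so here is an added example (not part of the thread and not Cisco's API) that models it generically: a lookup keyed on SHA-256 returns "unknown" for any variant whose bytes differ, until that exact hash is convicted, for instance after a sandbox run. `ReputationStore`, the host names and the sample bytes are hypothetical and constructed for illustration.

```python
import hashlib
import io

def sha256_of(stream, chunk_size=65536):
    """Hash a file-like object in chunks so large files are not loaded whole."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()

class ReputationStore:
    """Hypothetical local stand-in for a cloud disposition service."""
    def __init__(self):
        self._dispositions = {}  # sha256 hex -> (disposition, label)
        self.sightings = {}      # sha256 hex -> hosts that queried it

    def convict(self, sha256, label):
        """Record a verdict; return hosts that queried this hash earlier."""
        self._dispositions[sha256] = ("malicious", label)
        return sorted(self.sightings.get(sha256, set()))

    def lookup(self, sha256, host):
        """Exact-match lookup: a hash with no verdict is 'unknown', not clean."""
        self.sightings.setdefault(sha256, set()).add(host)
        return self._dispositions.get(sha256, ("unknown", None))

def demo():
    store = ReputationStore()
    # Constructed placeholder bytes, not real malware.
    older = b"constructed-sample-family-x-v2"
    newer = older + b"\x00"  # one extra byte yields an unrelated SHA-256
    older_hash = sha256_of(io.BytesIO(older))
    newer_hash = sha256_of(io.BytesIO(newer))

    store.convict(older_hash, "family-x v2")
    known = store.lookup(older_hash, "host-a")       # already convicted
    unseen = store.lookup(newer_hash, "host-b")      # no verdict yet
    # Assumption: a later verdict (e.g. from sandbox analysis) is recorded
    # against the new hash, and earlier sightings are surfaced for follow-up.
    exposed = store.convict(newer_hash, "family-x v4")
    after = store.lookup(newer_hash, "host-c")
    return known, unseen, exposed, after

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The "unknown" result is the case to alert on and route to analysis, since it says nothing about whether the file is safe.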