https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/gootloader-and-xdr-protection/m-p/519648#M3069 <P>Actually, GootLoader is a separate malware/vulnerability, it is SEO poisoning targeting public sector agencies using the Gootkit malware kit.</P> <P><SPAN>Based on article written by Trend Micro, Gootkit loader uses fileless techniques to download and deliver various ransomware payload such as SunCrypt, and REvil (Sodinokibi) ransomware, Kronos trojans, and Cobalt Strike.</SPAN></P> <P><SPAN>I also would like to know if there is detection pattern for PA firewalls.</SPAN></P> Mon, 31 Oct 2022 07:41:23 GMT SBDC 2022-10-31T07:41:23Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/gootloader-and-xdr-protection/m-p/418173#M854 <P>Our customer is requesting to see if the Cortex XDR protects against the&nbsp;GootLoader vulnerability.&nbsp; Anyone have any idea?</P> Fri, 09 Jul 2021 16:37:29 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/gootloader-and-xdr-protection/m-p/418173#M854 Stephane.B 2021-07-09T16:37:29Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/gootloader-and-xdr-protection/m-p/418472#M856 <BLOCKQUOTE><HR /><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/82552">@Stephane.B</a>&nbsp;wrote:<BR /><P>Our customer is requesting to see if the Cortex XDR protects against the&nbsp;GootLoader vulnerability.&nbsp; Anyone have any idea?</P><HR /></BLOCKQUOTE><P>Hi Stephane,&nbsp;</P><P>&nbsp;</P><P>Assuming you meant "Boot loader" since i am not familiar with "<SPAN>GootLoader".</SPAN></P><P><SPAN>XDR agent will not be able to mitigate CVE-2020-10713 since it does not have Boot time protection.</SPAN></P><P><SPAN>When thinking about it, Attacker can always replace the Boot loader with a vulnerable one so even replacing will not really be a solution.</SPAN></P><P>&nbsp;</P><P><SPAN>Hope that this answers your question.</SPAN></P><P>&nbsp;</P><P><SPAN>Best,&nbsp;</SPAN></P><P><SPAN>Ziv.</SPAN></P> Sun, 11 Jul 2021 15:35:35 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/gootloader-and-xdr-protection/m-p/418472#M856 zsolomon 2021-07-11T15:35:35Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/gootloader-and-xdr-protection/m-p/519648#M3069 <P>Actually, GootLoader is a separate malware/vulnerability, it is SEO poisoning targeting public sector agencies using the Gootkit malware kit.</P> <P><SPAN>Based on article written by Trend Micro, Gootkit loader uses fileless techniques to download and deliver various ransomware payload such as SunCrypt, and REvil (Sodinokibi) ransomware, Kronos trojans, and Cobalt Strike.</SPAN></P> <P><SPAN>I also would like to know if there is detection pattern for PA firewalls.</SPAN></P> Mon, 31 Oct 2022 07:41:23 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/gootloader-and-xdr-protection/m-p/519648#M3069 SBDC 2022-10-31T07:41:23Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/gootloader-and-xdr-protection/m-p/542632#M4385 <P>Any update on this question?</P> Thu, 18 May 2023 16:46:32 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/gootloader-and-xdr-protection/m-p/542632#M4385 MosR 2023-05-18T16:46:32Z