Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

GootLoader and XDR protection

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

GootLoader and XDR protection

L1 Bithead

Our customer is requesting to see if the Cortex XDR protects against the GootLoader vulnerability.  Anyone have any idea?

3 REPLIES 3

L1 Bithead

@Stephane.B wrote:

Our customer is requesting to see if the Cortex XDR protects against the GootLoader vulnerability.  Anyone have any idea?


Hi Stephane, 

 

Assuming you meant "Boot loader" since i am not familiar with "GootLoader".

XDR agent will not be able to mitigate CVE-2020-10713 since it does not have Boot time protection.

When thinking about it, Attacker can always replace the Boot loader with a vulnerable one so even replacing will not really be a solution.

 

Hope that this answers your question.

 

Best, 

Ziv.

L1 Bithead

Actually, GootLoader is a separate malware/vulnerability, it is SEO poisoning targeting public sector agencies using the Gootkit malware kit.

Based on article written by Trend Micro, Gootkit loader uses fileless techniques to download and deliver various ransomware payload such as SunCrypt, and REvil (Sodinokibi) ransomware, Kronos trojans, and Cobalt Strike.

I also would like to know if there is detection pattern for PA firewalls.

L2 Linker

Any update on this question?

  • 3367 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!