07-09-2021 09:37 AM
Our customer is requesting to see if the Cortex XDR protects against the GootLoader vulnerability. Anyone have any idea?
07-11-2021 08:34 AM - edited 07-11-2021 08:35 AM
@Stephane.B wrote:Our customer is requesting to see if the Cortex XDR protects against the GootLoader vulnerability. Anyone have any idea?
Hi Stephane,
Assuming you meant "Boot loader" since i am not familiar with "GootLoader".
XDR agent will not be able to mitigate CVE-2020-10713 since it does not have Boot time protection.
When thinking about it, Attacker can always replace the Boot loader with a vulnerable one so even replacing will not really be a solution.
Hope that this answers your question.
Best,
Ziv.
10-31-2022 12:41 AM
Actually, GootLoader is a separate malware/vulnerability, it is SEO poisoning targeting public sector agencies using the Gootkit malware kit.
Based on article written by Trend Micro, Gootkit loader uses fileless techniques to download and deliver various ransomware payload such as SunCrypt, and REvil (Sodinokibi) ransomware, Kronos trojans, and Cobalt Strike.
I also would like to know if there is detection pattern for PA firewalls.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
