DoublePulsar

Description

(Trend Micro) DoublePulsar is a memory-based kernel payload that allows attackers to inject arbitrary Dynamic-link Library (DLL) files to the system processes and execute shellcode payloads, ultimately providing attackers unprecedented access to infected x86 and 64-bit systems. Trend Micro’s continuous analysis of the dump suggests that EternalBlue is one of the exploits that also executes DoublePulsar as payload. EternalBlue is part of the Fuzzbunch framework (also found in the dump) responsible for executing the exploits.

Names

Name
DoublePulsar

Category

Malware

Type

  • Loader

Information

Malpedia

AlienVault OTX

Other Information

UUID

15f91367-9891-423d-9c11-060172f7a7f6

Last Card Change

2020-05-13