
Threat Group Cards: A Threat Actor Encyclopedia

Tool: DoublePulsar

Names: DoublePulsar
Category: Malware
Type: Loader
Description: (Trend Micro) DoublePulsar is a memory-based kernel payload that allows attackers to inject arbitrary Dynamic-link Library (DLL) files to the system processes and execute shellcode payloads, ultimately providing attackers unprecedented access to infected x86 and 64-bit systems. Trend Micro's continuous analysis of the dump suggests that EternalBlue is one of the exploits that also executes DoublePulsar as payload. EternalBlue is part of the Fuzzbunch framework (also found in the dump) responsible for executing the exploits.
Information:
<https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/malware-using-exploits-from-shadow-brokers-in-the-wild>
<https://countercept.com/our-thinking/doublepulsar-usermode-analysis-generic-reflective-dll-loader/>
<https://countercept.com/our-thinking/analyzing-the-doublepulsar-kernel-dll-injection-technique/>
<https://github.com/countercept/doublepulsar-c2-traffic-decryptor>
<https://labs.nettitude.com/blog/a-quick-analysis-of-the-latest-shadow-brokers-dump/>
<https://en.wikipedia.org/wiki/DoublePulsar>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.doublepulsar>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:DoublePulsar>

Last change to this tool card: 13 May 2020


All groups using tool DoublePulsar

Changed | Name | Country | Observed

APT groups

  | APT 3, Gothic Panda, Buckeye | China | 2007-Nov 2017 | X
  | Calypso | China | 2016 |
  | Equation Group | USA | 2001-Aug 2016 | X
  | Lazarus Group, Hidden Cobra, Labyrinth Chollima | North Korea | 2007-Aug 2020 (HOT) | X
  | Turla, Waterbug, Venomous Bear | Russia | 1996-Jun 2020 |
  | Wicked Spider, APT 22 | China | 2018 |

6 groups listed (6 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency


Report incidents
Telephone: +66 (0)2-123-1234
E-mail: report@thaicert.or.th