ETDA (Electronic Transactions Development Agency)

Threat Group Cards: A Threat Actor Encyclopedia

Tool: DoublePulsar

Names: DoublePulsar
Category: Malware
Type: Loader
Description: (Trend Micro) DoublePulsar is a memory-based kernel payload that allows attackers to inject arbitrary Dynamic-link Library (DLL) files into system processes and execute shellcode payloads, ultimately providing attackers unprecedented access to infected x86 and 64-bit systems. Trend Micro's continuous analysis of the dump suggests that EternalBlue is one of the exploits that also executes DoublePulsar as its payload. EternalBlue is part of the Fuzzbunch framework (also found in the dump), which is responsible for executing the exploits.
Information:
<https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/malware-using-exploits-from-shadow-brokers-in-the-wild>
<https://countercept.com/our-thinking/doublepulsar-usermode-analysis-generic-reflective-dll-loader/>
<https://countercept.com/our-thinking/analyzing-the-doublepulsar-kernel-dll-injection-technique/>
<https://github.com/countercept/doublepulsar-c2-traffic-decryptor>
<https://labs.nettitude.com/blog/a-quick-analysis-of-the-latest-shadow-brokers-dump/>
<https://en.wikipedia.org/wiki/DoublePulsar>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.doublepulsar>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:DoublePulsar>
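The card describes what DoublePulsar does once it is resident but not how a defender recognises it on the wire. The example below is added here; it is not code from the ETDA card, from Trend Micro, or from the Countercept projects linked above. It relies on protocol facts from the public analyses of the backdoor's SMB channel: the implant answers SMB1 TRANS2 SESSION_SETUP requests, encodes its command in the low byte of the sum of the four Timeout bytes (0x23 ping, 0xC8 exec, 0x77 kill), and replies to the well-known probe (request Multiplex ID 0x41) with Multiplex ID 0x51 on an infected host, while a clean host echoes 0x41. All packets in the block are constructed inline so it runs offline; the builder functions and field offsets are this example's own, written from the SMB1 header and TRANS2 request layout.

```python
"""Passive classification of SMB1 TRANS2 traffic for DoublePulsar activity.

Added example, not code from the ETDA card or the projects it links.
Assumed protocol facts (public DoublePulsar analyses): opcode = low byte of
the sum of the four Timeout bytes; probe MID 0x41 -> 0x51 when infected.
"""
import struct

NBSS_LEN = 4                  # NetBIOS session service header
SMB_HDR_LEN = 32              # SMB1 header, \xffSMB through MID
SMB_COM_TRANSACTION2 = 0x32
TRANS2_SESSION_SETUP = 0x000E
PROBE_MID = 0x41              # MID used by the published detection probe
INFECTED_MID = 0x51           # MID the backdoor returns to that probe
OPCODES = {0x23: "ping", 0xC8: "exec", 0x77: "kill"}


def _smb_header(cmd: int, mid: int, flags: int) -> bytes:
    # \xffSMB, Command, Status, Flags, Flags2, PIDHigh, Signature(8),
    # Reserved, TID, PIDLow, UID, MID  -> 32 bytes
    return (b"\xffSMB" + struct.pack("<BIBHH", cmd, 0, flags, 0xC007, 0)
            + b"\x00" * 8
            + struct.pack("<HHHHH", 0, 0x0008, 0xFEFF, 0x0008, mid))


def build_trans2_request(mid: int, timeout: bytes,
                         subcommand: int = TRANS2_SESSION_SETUP) -> bytes:
    """Constructed SMB1 TRANS2 request shaped like the public probe."""
    assert len(timeout) == 4
    # WordCount(15), TotalParameterCount, TotalDataCount, MaxParameterCount,
    # MaxDataCount, MaxSetupCount, Reserved, Flags
    words = struct.pack("<BHHHHBBH", 0x0F, 12, 0, 1, 0, 0, 0, 0)
    words += timeout                                  # Timeout carries the opcode
    # Reserved2, ParameterCount, ParameterOffset, DataCount, DataOffset,
    # SetupCount, Reserved3, Setup[0] (= TRANS2 subcommand)
    words += struct.pack("<HHHHHBBH", 0, 12, 66, 0, 78, 1, 0, subcommand)
    body = struct.pack("<H", 13) + b"\x00" * 13        # ByteCount, pad + 12 param bytes
    smb = _smb_header(SMB_COM_TRANSACTION2, mid, 0x18) + words + body
    return struct.pack(">I", len(smb)) + smb


def build_trans2_response(mid: int) -> bytes:
    """Constructed minimal SMB1 TRANS2 response carrying the given MID."""
    smb = _smb_header(SMB_COM_TRANSACTION2, mid, 0x98) + b"\x00\x00\x00"
    return struct.pack(">I", len(smb)) + smb


def doublepulsar_opcode(timeout: bytes):
    """Decode the implant opcode hidden in the TRANS2 Timeout field."""
    return OPCODES.get(sum(timeout) & 0xFF)


def parse_trans2_request(pkt: bytes):
    """Return (subcommand, timeout_bytes, mid) for an SMB1 TRANS2 request, else None."""
    smb = pkt[NBSS_LEN:]
    if (len(smb) < SMB_HDR_LEN + 31 or smb[:4] != b"\xffSMB"
            or smb[4] != SMB_COM_TRANSACTION2 or smb[32] < 15):
        return None
    mid = struct.unpack_from("<H", smb, 30)[0]
    timeout = smb[45:49]                              # 32 + WordCount + 12 bytes of words
    setup_count = smb[59]
    subcommand = struct.unpack_from("<H", smb, 61)[0] if setup_count >= 1 else None
    return subcommand, timeout, mid


def inspect_request(pkt: bytes) -> str:
    """Label a captured request: 'doublepulsar-<op>', 'trans2-other' or 'not-trans2'."""
    parsed = parse_trans2_request(pkt)
    if parsed is None:
        return "not-trans2"
    subcommand, timeout, _mid = parsed
    op = doublepulsar_opcode(timeout)
    if subcommand == TRANS2_SESSION_SETUP and op is not None:
        return f"doublepulsar-{op}"
    return "trans2-other"


def classify_response(pkt: bytes) -> str:
    """Classify the reply to the standard probe (MID 0x41) by its Multiplex ID."""
    smb = pkt[NBSS_LEN:]
    if len(smb) < SMB_HDR_LEN or smb[:4] != b"\xffSMB":
        return "not-smb1"
    mid = struct.unpack_from("<H", smb, 30)[0]
    if mid == INFECTED_MID:
        return "doublepulsar"
    if mid == PROBE_MID:
        return "clean"
    return "unexpected"


if __name__ == "__main__":
    # 0xA6 + 0xD9 + 0xA4 + 0x00 = 0x223 -> low byte 0x23 = ping
    probe = build_trans2_request(PROBE_MID, b"\xa6\xd9\xa4\x00")
    print(inspect_request(probe))                          # doublepulsar-ping
    print(classify_response(build_trans2_response(0x51)))  # doublepulsar
    print(classify_response(build_trans2_response(0x41)))  # clean
```

The request side is the part worth feeding pcap-extracted TCP/445 payloads into: an exec opcode on the SESSION_SETUP path is the implant being used, not merely pinged. The response classifier is only meaningful for replies to a probe that used MID 0x41; this block does not open any network connection, so sending the probe to a live host is left to the operator.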

Last change to this tool card: 13 May 2020


All groups using tool DoublePulsar

Changed   Name                                              Country       Observed
          APT 3, Gothic Panda, Buckeye                      China         2007-Nov 2017        X
          Calypso                                           China         2016-Aug 2021
          Equation Group                                    USA           2001-Aug 2016        X
X         Lazarus Group, Hidden Cobra, Labyrinth Chollima   North Korea   2007-Feb 2024 HOT    X
X         Turla, Waterbug, Venomous Bear                    Russia        1996-Dec 2023 HOT
X         Wicked Spider, APT 22                             China         2018

(APT groups)

6 groups listed (6 APT, 0 other, 0 unknown)

Digital Service Security Center, Electronic Transactions Development Agency
