This query was originally published in the threat analytics report, Motivated miners. DoublePulsar is a backdoor developed by the National Security Agency (NSA). First disclosed in 2017, it is now used by many malicious actors. Software patches are available. The following query detects possible DoublePulsar execution events. See Detect web server exploitation by DoublePulsar for a query that detects behaviors associated with campaigns that use DoublePulsar.

References: https://www.microsoft.com

| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | 10a17179-d143-476d-80cd-c5a6cca66d59 |
| Tactics | Execution |
| Required Connectors | MicrosoftThreatProtection |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| DeviceProcessEvents | ✓ | ✗ | ? |