Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
This query was originally published in the threat analytics report, Motivated miners. Doublepulsar is a backdoor developed by the National Security Agency (NSA). First disclosed in 2017, it is now used by many malicious actors. Software patches are available. The following query detects possible DoublePulsar execution events. See Detect web server exploitation by DoublePulsar for a query that detects behaviors associated with campaigns that use DoublePulsar. References: https://www.microsoft.com
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | 10a17179-d143-476d-80cd-c5a6cca66d59 |
| Tactics | Execution |
| Required Connectors | MicrosoftThreatProtection |
| Source | [View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/Microsoft%20365%20Defender/Execution/detect-doublepulsar-execution.yaml) |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊