Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
This query was originally published in the threat analytics report, Motivated miners. Doublepulsar is a backdoor developed by the National Security Agency (NSA). First disclosed in 2017, it is now used by many malicious actors. Software patches are available. The following query detects activity broadly associated with campaigns that use DoublePulsar to exploit web servers. See Detect DoublePulsar execution for a query that detects possible DoublePulsar execution events. References: https://www.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | da3b2b82-74a0-4b0e-8ef7-ac43515b4c70 |
| Tactics | Execution |
| Required Connectors | MicrosoftThreatProtection |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
DeviceProcessEvents |
✓ | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊