DoublePulsar is an implant leaked by the ShadowBrokers group earlier this year that enables the execution of additional malicious code. It's commonly delivered by the EternalBlue exploit, and is best known for its recent use to deploy the Wanna Decryptor 2.0 (WannaCry) ransomware. Even with industry-leading AV, IDS, and VM solutions, DoublePulsar attacks have proven difficult to prevent and detect.
But have no fear. Rapid7’s security solutions are uniquely able to detect and prevent the use of the DoublePulsar implant. Metasploit Pro can quickly identify vulnerable systems, InsightIDR can detect suspicious Windows service payloads like DoublePulsar, and InsightVM can help you identify which systems are vulnerable to exploits like EternalBlue, as well as create a remediation plan to get them fixed quickly.
Below, get a free trial of Metasploit Pro to see quickly if your systems are vulnerable. We've also compiled a number of resources to help you take immediate action to prepare for and defend against DoublePulsar.
Use Metasploit Pro to identify vulnerable systems: MS17-010 SMB RCE Detection
Use the EternalBlue exploit in Metasploit Pro to verify vulnerability:
MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
[BLOG] EternalBlue: Metasploit Module for MS17-010
Learn about EternalBlue, the exploit commonly used to deliver DoublePulsar.
Wanna Decryptor 2.0 (WannaCry) Explained and Recommended Actions
Learn about Wanna Decryptor, the ransomware commonly deployed with DoublePulsar.
[BLOG] The ShadowBrokers Leaked Exploits Explained
Learn about the ShadowBrokers, the group that leaked DoublePulsar.
We know this is a lot to take in. If you have specific questions or would like further assistance, we're here to help. Please contact us at +1–866–7RAPID7 (Toll Free) or +1–617–247–1717. Get international contact information here.