I am getting an alert for SMB Double Pulsar in my daily IPS report. Kindly guide me: what is Double Pulsar, and what type of patches will be required for the machines?
Attacker and target IP are the same.
This signature detects DoublePulsar backdoor activity. DoublePulsar is a backdoor implant tool that allows DLL injection and execution of arbitrary code.
I am not sure regarding the patches on the host system. On the Network IPS, you may enable blocking if you believe the traffic is malicious.
You may proceed with patching of the target system (ideally they are from the network). If the attacker systems are also within network premises, patch them as well. Also, you may plan to disable SMBv1 running on the host systems.
Following link should give you more details on the attack:
Can you guide me about the alert given below:
NETBIOS-SS: Windows SMB Remote Code Execution Vulnerability
and this is of medium category
So what is the difference between SMB remote code execution and the NetBIOS SMB implant?
The implant allows an unauthenticated, remote attacker to use SMB as a covert channel to exfiltrate data, launch remote commands, or execute arbitrary code.
Remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) service handles certain requests. An attacker who successfully exploited the vulnerability could gain code execution on the target server.
I hope this answers your question.
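
The suggestion in the thread to disable SMBv1 on host systems can be checked per machine with the script below. It is an added example, not part of the original thread; it assumes an elevated PowerShell session on Windows 8 / Server 2012 or later, and the names `Get-Smb1Status` and `-Remediate` are hypothetical ones chosen for this example.

```powershell
# Added example: audit SMBv1 on the local Windows host.
# Nothing is changed unless the script is started with -Remediate.
[CmdletBinding()]
param([switch]$Remediate)

function Get-Smb1Status {
    # Server side: does this host still accept inbound SMBv1 connections?
    $server = (Get-SmbServerConfiguration).EnableSMB1Protocol

    # Optional feature: is the SMBv1 component enabled at all?
    # The feature lookup can fail on some editions, so fall back to "Unknown".
    $feature = 'Unknown'
    try {
        $feature = (Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop).State
    } catch { }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = [bool]$server
        Smb1FeatureState  = "$feature"
        NeedsAction       = [bool]$server -or ("$feature" -eq 'Enabled')
    }
}

$status = Get-Smb1Status
$status

if ($Remediate -and $status.NeedsAction) {
    if ($status.Smb1ServerEnabled) {
        # Stop the SMB server from negotiating SMBv1 (no reboot needed for this setting)
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    if ($status.Smb1FeatureState -eq 'Enabled') {
        # Remove the SMBv1 component; the removal completes after a reboot
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
    Get-Smb1Status   # re-check so the report shows the state after the change
}
```

Run it without arguments first to collect the status from each host that appears in the IPS report, and confirm that no legacy device still depends on SMBv1 before using `-Remediate`.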