
NETBIOS-SS: SMB DoublePulsar Implant Detected

Hi All

I am getting an alert for SMB DoublePulsar in my daily IPS report. Kindly guide me: what is DoublePulsar, and what type of patches will be required for the machines?

The attacker and target IP are the same.

7 Replies
McAfee Employee
Message 2 of 8

Re: NETBIOS-SS: SMB DoublePulsar Implant Detected

Hi @User27622125 

This signature detects DoublePulsar backdoor activity. DoublePulsar is a backdoor implant tool that allows DLL injection and execution of arbitrary code.

Regards,
Faizan


Re: NETBIOS-SS: SMB DoublePulsar Implant Detected

Hi Faizan

What patches will I need to protect these machines? And what is the first step I should take?

McAfee Employee
Message 4 of 8

Re: NETBIOS-SS: SMB DoublePulsar Implant Detected

@User27622125 

I am not sure regarding the patches on the host system. On the Network IPS, you may enable blocking if you believe the traffic is malicious.

Regards,
Faizan


Re: NETBIOS-SS: SMB DoublePulsar Implant Detected

Hi Faizan

I want to ask whether I should patch the attacker machine if the attacker machine belongs to my network?

McAfee Employee
Message 6 of 8

Re: NETBIOS-SS: SMB DoublePulsar Implant Detected

Hi @User27622125 

You may proceed with patching of the target systems (ideally they are from the network). If the attacker systems are also within the network premises, patch them as well. Also, you may plan to disable SMBv1 running on the host systems.

The following links should give you more details on the attack:

https://thehackernews.com/2017/03/microsoft-patch-tuesday.html

https://www.securityweek.com/hackers-are-using-nsas-doublepulsar-backdoor-attacks

Regards,
Faizan
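
One way to act on the SMBv1 suggestion in the reply above on a Windows host, as an added example that is not part of the original thread or any McAfee tooling: it reports whether the SMBv1 server is enabled and which peers are connected on TCP 445, and disables SMBv1 only when asked. The function name `Get-Smb1Exposure` and its `-Disable` switch are made up for this example; it assumes an elevated PowerShell session on a Windows version that ships the SmbShare, NetTCPIP and Dism modules.

```powershell
#Requires -RunAsAdministrator
# Added example: audit SMBv1 exposure on the local host and optionally disable it.
function Get-Smb1Exposure {
    [CmdletBinding()]
    param(
        [switch]$Disable   # hypothetical switch: turn the SMBv1 server off after reporting
    )

    $cfg = Get-SmbServerConfiguration

    # Optional-feature state; the feature name is not present on every edition,
    # so a failure here is reported as 'Unknown' instead of aborting the audit.
    $feature = try {
        (Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop).State
    } catch { 'Unknown' }

    # Remote peers that currently hold a session to the local SMB port (TCP 445).
    # Useful when an IPS alert names an internal address as the source.
    $peers = Get-NetTCPConnection -LocalPort 445 -State Established -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty RemoteAddress -Unique

    $listening = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue

    $report = [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = $cfg.EnableSMB1Protocol
        Smb2ServerEnabled = $cfg.EnableSMB2Protocol
        Smb1FeatureState  = "$feature"
        Listening445      = [bool]$listening
        InboundSmbPeers   = @($peers)
    }

    if ($Disable -and $cfg.EnableSMB1Protocol) {
        # Disable only the SMBv1 server component; SMBv2/v3 stay as configured.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        $report.Smb1ServerEnabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    $report
}

Get-Smb1Exposure              # report only
# Get-Smb1Exposure -Disable   # report, then disable the SMBv1 server component
```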

Was my reply helpful?
If you find this post useful, please give it a Kudos! l Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
Highlighted

NETBIOS-SS: Windows SMB Remote Code Execution Vulnerability

Dear Faizan,

Can you guide me about alert given below:

NETBIOS-SS: Windows SMB Remote Code Execution Vulnerability

and this is of medium category,

so what is the difference between SMB remote code execution and the NetBIOS SMB implant?

McAfee Employee
Message 8 of 8

Re: NETBIOS-SS: Windows SMB Remote Code Execution Vulnerability

Hi @User27622125 

The implant allows an unauthenticated, remote attacker to use SMB as a covert channel to exfiltrate data, launch remote commands, or execute arbitrary code.

Remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) service handles certain requests. An attacker who successfully exploited the vulnerability could gain code execution on the target server.

I hope this answers your question.

Regards,
Faizan
