Stage EternalBlue PneumaEX plugin payload

Stage a payload for use in the EternalBlue PneumaEX module. The EternalBlue PneumaEX module uses EternalBlue to exploit SMBv1 services. Once exploited, the module uses DoublePulsar to load and execute shellcode in the kernel. The default payload contains shellcode to launch calc.exe.
View Command

To view this TTPs command, you must be logged in with a professional or enterprise license.


Test this TTP

Download Operator (1.7.1)
Test this TTP using one of our Operator chains
APT38 WannaCry


Perform lateral movement using EternalBlue and DoublePulsar exploits.