
DoublePulsar

Backdoor implant tool. From Wikipedia, the free encyclopedia.

DoublePulsar is a backdoor implant tool developed by the U.S. National Security Agency's (NSA) Equation Group that was leaked by The Shadow Brokers in early 2017.[3][citation needed] The tool infected more than 200,000 Microsoft Windows computers in only a few weeks,[4][5][3][6][7] and was used alongside EternalBlue in the May 2017 WannaCry ransomware attack.[8][9][10] A variant of DoublePulsar was first seen in the wild in March 2016, as discovered by Symantec.[11]

Technical name:
  • Double Variant
    • Trojan:Win32/DoublePulsar (Microsoft)
    • Backdoor.DoublePulsar (Fortiguard)
  • Dark Variant
Family: Pulsar (backdoor family)
Authors: Equation Group

Sean Dillon, senior analyst of security company RiskSense Inc., first dissected and inspected DoublePulsar.[12][13] He said that the NSA exploits are "10 times worse" than the Heartbleed security bug, and use DoublePulsar as the primary payload. DoublePulsar runs in kernel mode, which grants cybercriminals a high level of control over the computer system.[5] Once installed, it uses three commands: ping, kill, and exec, the last of which can be used to load malware onto the system.[12]
