Misplaced Pages

DoublePulsar

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.
Backdoor implant tool For the only known double pulsar star system, see PSR J0737-3039.
DoublePulsar
Technical name
  • Double Variant
  • Dark Variant
    • Trojan.Darkpulsar (Symantec)
    • Win32/Equation.DarkPulsar (ESET)
FamilyPulsar (backdoor family)
AuthorsEquation Group

DoublePulsar is a backdoor implant tool developed by the U.S. National Security Agency's (NSA) Equation Group that was leaked by The Shadow Brokers in early 2017. The tool infected more than 200,000 Microsoft Windows computers in only a few weeks, and was used alongside EternalBlue in the May 2017 WannaCry ransomware attack. A variant of DoublePulsar was first seen in the wild in March 2016, as discovered by Symantec.

Sean Dillon, senior analyst of security company RiskSense Inc., first dissected and inspected DoublePulsar. He said that the NSA exploits are "10 times worse" than the Heartbleed security bug, and use DoublePulsar as the primary payload. DoublePulsar runs in kernel mode, which grants cybercriminals a high level of control over the computer system. Once installed, it uses three commands: ping, kill, and exec, the latter of which can be used to load malware onto the system.

References

  1. "Trojan.Darkpulsar". Symantec. Archived from the original on 3 October 2019.
  2. "Win32/Equation.DarkPulsar.A | ESET Virusradar". www.virusradar.com.
  3. ^ "DoublePulsar malware spreading rapidly in the wild following Shadow Brokers dump". 25 April 2017.
  4. Sterling, Bruce. "Double Pulsar NSA leaked hacks in the wild". Wired.
  5. ^ "Seriously, Beware the 'Shadow Brokers'". Bloomberg. 4 May 2017 – via www.bloomberg.com.
  6. "Wana Decrypt0r Ransomware Using NSA Exploit Leaked by Shadow Brokers Is on a Rampage".
  7. ">10,000 Windows computers may be infected by advanced NSA backdoor". 21 April 2017.
  8. Cameron, Dell (13 May 2017). "Today's Massive Ransomware Attack Was Mostly Preventable; Here's How To Avoid It".
  9. Fox-Brewster, Thomas. "How One Simple Trick Just Put Out That Huge Ransomware Fire". Forbes.
  10. "Player 3 Has Entered the Game: Say Hello to 'WannaCry'". blog.talosintelligence.com. 12 May 2017. Retrieved 2017-05-15.
  11. "Stolen NSA hacking tools were used in the wild 14 months before Shadow Brokers leak". arstechnica.com. 7 May 2019. Retrieved 2019-05-07.
  12. ^ "DoublePulsar Initial SMB Backdoor Ring 0 Shellcode Analysis". zerosum0x0.blogspot.com. 21 April 2017. Retrieved 2017-05-16.
  13. "NSA's DoublePulsar Kernel Exploit In Use Internet-Wide". threatpost.com. 24 April 2017. Retrieved 2017-05-16.
Hacking in the 2010s
← 2000s Timeline 2020s →
Major incidents
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
Hacktivism
Advanced
persistent threats
Individuals
Major vulnerabilities
publicly disclosed
Malware
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
Stub icon

This malware-related article is a stub. You can help Misplaced Pages by expanding it.

Categories: