Jump to content

DoublePulsar

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Dxow (talk | contribs) at 19:55, 16 September 2020 (Remove unneeded white space at start of article.). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

For the only known double pulsar star system, see PSR J0737-3039.
DoublePulsar
Technical name
FamilyPulsar (backdoor family)
AuthorsEquation Group

DoublePulsar is a backdoor implant tool developed by the U.S. National Security Agency's (NSA) Equation Group that was leaked by The Shadow Brokers in early 2017.[3] The tool infected more than 200,000 Microsoft Windows computers in only a few weeks,[4][5][3][6][7] and was used alongside EternalBlue in the May 2017 WannaCry ransomware attack.[8][9][10] A variant of DoublePulsar was first seen in the wild in March 2016, as discovered by Symantec. [11]

Sean Dillon, senior analyst of security company RiskSense Inc., first dissected and inspected DoublePulsar.[12][13] He said that the NSA exploits are "10 times worse" than the Heartbleed security bug, and use DoublePulsar as the primary payload. DoublePulsar runs in kernel mode, which grants cybercriminals a high level of control over the computer system.[5] Once installed, it uses three commands: ping, kill, and exec, the latter of which can be used to load malware onto the system.[12]

References

  1. ^ https://www.symantec.com/security-center/writeup/2017-042107-1152-99
  2. ^ https://www.virusradar.com/en/Win32_Equation.DarkPulsar.A/description
  3. ^ a b "DoublePulsar malware spreading rapidly in the wild following Shadow Brokers dump". 25 April 2017.
  4. ^ Sterling, Bruce. "Double Pulsar NSA leaked hacks in the wild".
  5. ^ a b "Seriously, Beware the 'Shadow Brokers'". 4 May 2017 – via www.bloomberg.com.
  6. ^ "Wana Decrypt0r Ransomware Using NSA Exploit Leaked by Shadow Brokers Is on a Rampage".
  7. ^ ">10,000 Windows computers may be infected by advanced NSA backdoor".
  8. ^ Cameron, Dell. "Today's Massive Ransomware Attack Was Mostly Preventable; Here's How To Avoid It".
  9. ^ Fox-Brewster, Thomas. "How One Simple Trick Just Put Out That Huge Ransomware Fire".
  10. ^ "Player 3 Has Entered the Game: Say Hello to 'WannaCry'". blog.talosintelligence.com. Retrieved 2017-05-15.
  11. ^ "Stolen NSA hacking tools were used in the wild 14 months before Shadow Brokers leak". arstechnica.com. Retrieved 2019-05-07.
  12. ^ a b "DoublePulsar Initial SMB Backdoor Ring 0 Shellcode Analysis". zerosum0x0.blogspot.com. Retrieved 2017-05-16.
  13. ^ "NSA's DoublePulsar Kernel Exploit In Use Internet-Wide". threatpost.com. Retrieved 2017-05-16.
Stub icon

This malware-related article is a stub. You can help Wikipedia by expanding it.

Retrieved from "https://en.wikipedia.org/w/index.php?title=DoublePulsar&oldid=978759634"