DoublePulsar

DoublePulsar is a backdoor implant tool developed by the U.S. National Security Agency's (NSA) Equation Group that was leaked by The Shadow Brokers in early 2017. The tool infected more than 200,000 Microsoft Windows computers in only a few weeks, and was used alongside EternalBlue in the May 2017 WannaCry ransomware attack. A variant of DoublePulsar was first seen in the wild in March 2016, as discovered by Symantec. Sean Dillon, senior analyst of security company RiskSense Inc., first dissected and inspected DoublePulsar. He said that the NSA exploits are "10 times worse" than the Heartbleed security bug, and use DoublePulsar as the primary payload. DoublePulsar runs in kernel mode, which grants cybercriminals a high level of control over the computer system. Once installed, it uses three commands: ping, kill, and exec, the last of which can be used to load malware onto the system.

