DoublePulsar

DoublePulsar | |
---|---|
Technical name | |
Family | Pulsar (backdoor family) |
Authors | Equation Group |
DoublePulsar is a backdoor implant tool developed by the U.S. National Security Agency's (NSA) Equation Group that was leaked by The Shadow Brokers in early 2017.[3] The tool infected more than 200,000 Microsoft Windows computers in only a few weeks,[4][5][3][6][7] and was used alongside EternalBlue in the May 2017 WannaCry ransomware attack.[8][9][10] A variant of DoublePulsar was first seen in the wild in March 2016, as discovered by Symantec.[11]
Sean Dillon, senior analyst of security company RiskSense Inc., first dissected and inspected DoublePulsar.[12][13] He said that the NSA exploits are "10 times worse" than the Heartbleed security bug, and use DoublePulsar as the primary payload. DoublePulsar runs in kernel mode, which grants cybercriminals a high level of control over the computer system.[5] Once installed, it uses three commands: ping, kill, and exec, the latter of which can be used to load malware onto the system.[12]
References
- ^ "Trojan.Darkpulsar". Symantec. Archived from the original on 3 October 2019.
- ^ "Win32/Equation.DarkPulsar.A". ESET Virusradar (www.virusradar.com).
- ^ a b "DoublePulsar malware spreading rapidly in the wild following Shadow Brokers dump". 25 April 2017.
- ^ Sterling, Bruce. "Double Pulsar NSA leaked hacks in the wild". Wired.
- ^ a b "Seriously, Beware the 'Shadow Brokers'". Bloomberg. 4 May 2017.
- ^ "Wana Decrypt0r Ransomware Using NSA Exploit Leaked by Shadow Brokers Is on a Rampage".
- ^ ">10,000 Windows computers may be infected by advanced NSA backdoor". 21 April 2017.
- ^ Cameron, Dell (13 May 2017). "Today's Massive Ransomware Attack Was Mostly Preventable; Here's How To Avoid It".
- ^ Fox-Brewster, Thomas. "How One Simple Trick Just Put Out That Huge Ransomware Fire". Forbes.
- ^ "Player 3 Has Entered the Game: Say Hello to 'WannaCry'". blog.talosintelligence.com. 12 May 2017. Retrieved 15 May 2017.
- ^ "Stolen NSA hacking tools were used in the wild 14 months before Shadow Brokers leak". arstechnica.com. 7 May 2019. Retrieved 7 May 2019.
- ^ a b "DoublePulsar Initial SMB Backdoor Ring 0 Shellcode Analysis". zerosum0x0.blogspot.com. 21 April 2017. Retrieved 16 May 2017.
- ^ "NSA's DoublePulsar Kernel Exploit In Use Internet-Wide". threatpost.com. 24 April 2017. Retrieved 16 May 2017.