| DoublePulsar | |
|---|---|
| Malware details | |
| Technical name | |
| Family | Pulsar (backdoor family) |
| Author | Equation Group |
DoublePulsar is abackdoor implant tool developed by the U.S.National Security Agency's (NSA)Equation Group that was leaked byThe Shadow Brokers in early 2017.[3][citation needed] The tool infected more than 200,000Microsoft Windowscomputers in only a few weeks,[4][5][3][6][7] and was used alongsideEternalBlue in the May 2017WannaCry ransomware attack.[8][9][10] A variant of DoublePulsar was first seen in the wild in March 2016, as discovered by Symantec.[11]
Sean Dillon, senior analyst of security companyRiskSense Inc., first dissected and inspected DoublePulsar.[12][13] He said that the NSA exploits are "10 times worse" than theHeartbleed security bug, and use DoublePulsar as the primarypayload. DoublePulsar runs inkernel mode, which grants cybercriminals a high level of control over the computer system.[5] Once installed, it uses three commands:ping,kill, andexec, the latter of which can be used to loadmalware onto the system.[12]
