DoublePulsar

from Wikipedia, the free encyclopedia

DoublePulsar is a tool for installing backdoor programs that was developed by the Equation Group of the National Security Agency (NSA) and leaked by The Shadow Brokers in early 2017. More than 200,000 computers running Microsoft Windows were infected within a few weeks, and in May 2017 it was used alongside EternalBlue in the WannaCry ransomware attack.

Sean Dillon, an analyst at the security firm RiskSense Inc., who was the first to dissect and analyze DoublePulsar, said that the NSA exploits were "10 times worse" than the Heartbleed vulnerability and used DoublePulsar as their primary payload. DoublePulsar runs in kernel mode, which gives attackers a high degree of control over the computer system. Once installed, DoublePulsar has three commands: ping, kill, and exec, the last of which can be used to load malware onto the system.
