Backdoor.DoublePulsar
Description
This indicates detection of the DoublePulsar Backdoor.
Backdoor trojans have the capability to connect to remote hosts and perform actions against the compromised system. The DoublePulsar Backdoor was revealed by the Shadow Brokers leaks in March 2017 and was used in the WannaCry ransomware attack in May 2017.
Note.
The DoublePulsar Backdoor supports the SMB and RDP protocols. Besides the backdoor communication, the signature also detects scanning attempts via the RDP protocol. A trigger of this signature therefore does not necessarily mean an infection if the detection is on the RDP protocol (port 3389).
Affected Products
Any unprotected Windows system is vulnerable to the attack.
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
The signature can be set to "Block" to block this application.
Please use Anti-Virus software to scan and clean the system.
Coverage
IPS (Regular DB)
IPS (Extended DB)