Backdoor.DoublePulsar

description-logoDescription

This indicates detection of DoublePulsar Backdoor.
Backdoor trojans have the capability to connect remote hosts and perform actions against the compromised system. The DoublePulsar Backdoor was revealed by the Shadow Brokers leaks in March 2017 and was used in the WannaCry ransomware attack in May 2017.
Note.
The DoublePulsar Backdoor supports SMB and RDP protocols. Beside the backdoor communication, the signature detects the scanning attempt via the RDP protocol. So the trigger of this signature does not necessarily mean an infection if the detection is on RDP protocol(port 3389).

affected-products-logoAffected Products

Any unprotected Windows system is vulnerable to the attack.

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

The signature can be set to "Block" to block this application.
Please use Anti-Virus software to scan and clean the system.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-03-03 15.787 Sig Added
2019-10-16 14.705 Sig Added

References

RANSOMWARE:WANNACRY