Intrusion Prevention

Backdoor.DoublePulsar

Description

This indicates detection of the DoublePulsar backdoor.
Backdoor trojans have the capability to connect to remote hosts and perform actions against the compromised system. The DoublePulsar backdoor was revealed by the Shadow Brokers leaks in March 2017 and was used in the WannaCry ransomware attack in May 2017.
Note:
The DoublePulsar backdoor supports the SMB and RDP protocols. Besides the backdoor communication, the signature also detects scanning attempts via the RDP protocol, so a trigger of this signature does not necessarily mean an infection if the detection is on the RDP protocol (port 3389).
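
The triage rule from the note above, as an added example that is not part of the original page or of the vendor's tooling: it groups hits of this signature by destination host and separates hosts that triggered only on RDP port 3389 from hosts with any other trigger. The key=value log layout, the field names and the sample events are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events in a hypothetical key=value layout
# (not a vendor log format). Port 445 is the standard SMB port.
SAMPLE_EVENTS = """\
time=2017-05-13T08:01:11 src=198.51.100.7 dst=10.0.0.21 dport=3389 sig=Backdoor.DoublePulsar action=detected
time=2017-05-13T08:01:15 src=198.51.100.7 dst=10.0.0.22 dport=3389 sig=Backdoor.DoublePulsar action=detected
time=2017-05-13T08:04:40 src=10.0.0.35 dst=10.0.0.22 dport=445 sig=Backdoor.DoublePulsar action=detected
time=2017-05-13T08:05:02 src=203.0.113.9 dst=10.0.0.40 dport=445 sig=Backdoor.DoublePulsar action=blocked
time=2017-05-13T08:06:00 src=10.0.0.8 dst=10.0.0.50 dport=443 sig=Other.Signature action=detected
"""

SIGNATURE = "Backdoor.DoublePulsar"
RDP_PORT = 3389

# Verdict labels (names chosen for this example).
RDP_ONLY = "rdp_only"        # may be a scan attempt, not proof of infection
INVESTIGATE = "investigate"  # non-RDP trigger: scan the host with anti-virus


def parse_event(line):
    """Turn one key=value line into a dict of fields."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def triage(log_text):
    """Map each destination host to a verdict from the ports that triggered."""
    ports_by_host = defaultdict(set)
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev.get("sig") != SIGNATURE:
            continue  # unrelated signature or blank line
        if "dst" not in ev or not ev.get("dport", "").isdigit():
            continue  # malformed event, skip rather than guess
        ports_by_host[ev["dst"]].add(int(ev["dport"]))

    verdicts = {}
    for host, ports in ports_by_host.items():
        # Only a host whose every trigger was on RDP falls under the note's
        # caveat; one hit on any other port moves it to investigation.
        verdicts[host] = RDP_ONLY if ports == {RDP_PORT} else INVESTIGATE
    return verdicts


if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, verdict)
```
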

Affected Products

Any unprotected Windows system is vulnerable to the attack.

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

The signature can be set to "Block" to block this application.
Please use Anti-Virus software to scan and clean the system.

Other References

RANSOMWARE:WANNACRY