Lucene search

K
nessusTenable700059.PRM
HistoryApr 18, 2017 - 12:00 a.m.

SMB Server DOUBLEPULSAR Backdoor / Implant Detection (EternalRocks)

2017-04-1800:00:00
Tenable
www.tenable.com
136

NNM detected the presence of DOUBLEPULSAR on the remote Windows host. DOUBLEPULSAR is one of multiple Equation Group SMB implants and backdoors disclosed on 2017/04/14 by a group known as the β€˜Shadow Brokers’. The implant allows an unauthenticated, remote attacker to use SMB as a covert channel to exfiltrate data, launch remote commands, or execute arbitrary code.

Binary data 700059.prm
VendorProductVersion
sambasamba