This script is Copyright (C) 2017 Tenable Network Security, Inc.
A backdoor exists on the remote Windows host.
Nessus detected the presence of DOUBLEPULSAR on the remote Windows
host. DOUBLEPULSAR is one of multiple Equation Group SMB implants and
backdoors disclosed on 2017/04/14 by a group known as the Shadow
Brokers. The implant allows an unauthenticated, remote attacker to use
SMB as a covert channel to exfiltrate data, launch remote commands, or
execute arbitrary code.
EternalRocks is a worm that propagates by utilizing DOUBLEPULSAR.
See also :
Remove the DOUBLEPULSAR backdoor / implant and disable SMBv1.
Risk factor :
Critical / CVSS Base Score : 10.0
Public Exploit Available : true
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now