Rule History

SID: 10001726 • Source: ptrules/open

Versions (6)

Version Details (Current)

Rev: 1 • Jun 24, 2025, 4:00 PM

ATTACK AD [PTsecurity] Metasploit MS17-010 ETERNALBLUE Exploitation (CVE-2017-0144)

alert smb any any -> any any (msg: "ATTACK AD [PTsecurity] Metasploit MS17-010 ETERNALBLUE Exploitation (CVE-2017-0144)"; flow: established, to_server, no_stream; content: "|FF|SMB|33|"; byte_test: 2, >, 61000, 42, relative, little; flowbits: isset, SMB.NTTrans.Req; flowbits: isnotset, SMB.NTTrans2.Req; reference: cve, 2017-0144; reference: url, github.com/rapid7/metasploit-framework/commit/c9473f8cbc147fe6ff7fe27862fd3d1e9f27c4f5; reference: url, rules.ptsecurity.com; classtype: attempted-admin; sid: 10001726; rev: 1;)

Jun 24, 2025, 4:00 PM

Jun 24, 2025, 4:00 PM

Oct 16, 2025, 10:34 AM

Oct 16, 2025, 10:34 AM

rules/ptopen-windows.rules