ATTACK [PTsecurity] Metasploit MS17-010 ETERNALBLUE Exploitation (CVE-2017-0144)

SID: 10001726Rev: 15 views

Sourceptresearch/attackdetection

CreatedDecember 13, 2021

UpdatedDecember 13, 2021

Classificationattempted-admin

alert smb any any -> $HOME_NET any (msg:"ATTACK [PTsecurity] Metasploit MS17-010 ETERNALBLUE Exploitation (CVE-2017-0144)"; flow:established, to_server, no_stream; content:"|FF|SMB|33|"; byte_test:2, >, 61000, 42, relative, little; flowbits:isset, SMB.NTTrans.Req; flowbits:isnotset, SMB.NTTrans2.Req; reference:cve, 2017-0144; reference:url, github.com/rapid7/metasploit-framework/commit/c9473f8cbc147fe6ff7fe27862fd3d1e9f27c4f5; classtype:attempted-admin; reference:url, github.com/ptresearch/AttackDetection; sid:10001726; rev:1;)

References

cve	2017-0144
url	github.com/rapid7/metasploit-framework/commit/c9473f8cbc147fe6ff7fe27862fd3d1e9f27c4f5
url	github.com/ptresearch/AttackDetection

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!