ATTACK AD [PTsecurity] Unimplemented Trans2 Sub-Command code. Possible ETERNALBLUE (WannaCry, Petya) tool (CVE-2017-0144)

SID: 10001254Rev: 630 viewsHistory

Sourceptrules/open

CreatedJune 24, 2025

UpdatedJune 24, 2025

Classificationattempted-admin

alert smb any any -> any any (msg:"ATTACK AD [PTsecurity] Unimplemented Trans2 Sub-Command code. Possible ETERNALBLUE (WannaCry, Petya) tool (CVE-2017-0144)"; flow:to_server, established, no_stream; content:"|FF|SMB2|00 00 00 00|"; depth:9; offset:4; byte_test:2, >, 0x0008, 52, relative, little; pcre:"/\xFFSMB2\x00\x00\x00\x00.{52}(?:\x04|\x09|\x0A|\x0B|\x0C|\x0E|\x11)\x00/s"; reference:cve, 2017-0144; reference:url, msdn.microsoft.com/en-us/library/ee441654.aspx; reference:url, rules.ptsecurity.com; classtype:attempted-admin; sid:10001254; rev:6;)

References

cve	2017-0144
url	msdn.microsoft.com/en-us/library/ee441654.aspx
url	rules.ptsecurity.com

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!