ATTACK AD [PTsecurity] ETERNALCHAMPION Exploitation attempt (MS17-010 / CVE-2017-0146)

SID: 10001719Rev: 130 viewsHistory

Sourceptrules/open

CreatedJune 24, 2025

UpdatedMarch 17, 2026

Classificationattempted-admin

alert smb any any -> any any (msg:"ATTACK AD [PTsecurity] ETERNALCHAMPION Exploitation attempt (MS17-010 / CVE-2017-0146)"; flow:established, no_stream, to_server; content:"|FF|SMB|A1|"; flowbits:isset, EternalRomance.RaceCondition.Possible; flowbits:set, EternalRomance.RaceCondition.Attempt; threshold:type both, track by_src, count 1, seconds 60; reference:cve, 2017-0146; reference:url, github.com/rapid7/metasploit-framework/commit/c9473f8cbc147fe6ff7fe27862fd3d1e9f27c4f5; reference:url, blogs.technet.microsoft.com/srd/2017/06/29/eternal-champion-exploit-analysis; reference:url, rules.ptsecurity.com; classtype:attempted-admin; sid:10001719; rev:1;)

References

cve	2017-0146
url	github.com/rapid7/metasploit-framework/commit/c9473f8cbc147fe6ff7fe27862fd3d1e9f27c4f5
url	blogs.technet.microsoft.com/srd/2017/06/29/eternal-champion-exploit-analysis
url	rules.ptsecurity.com

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!