Tony Wang currently serves as a Threat Researcher at TXOne Networks Inc., focusing on malware and network threat detection research and DPI rule development.
You've probably all heard of EternalBlue. After The Shadow Brokers obtained and disclosed it in 2017, many Windows systems that could not be updated in time became victims. The most famous malware is the WannaCry ransomware, which exploited the disclosed EternalBlue to infect hundreds of thousands of computers in May of the same year, spreading widely and affecting factories and critical infrastructure in numerous countries.
In this session, we will approach the topic from the perspective of network threat researchers, using EternalBlue and the malware that spreads through it as examples. We'll demonstrate that even seven years later, attacks leveraging EternalBlue still persist. We'll explore how to use existing threat intelligence to develop network-based detection for classifying the suspicious network packets we currently receive. Furthermore, by applying this detection in our hunting engines, we'll present the kinds of malware we have collected and examine the potential threats that EternalBlue attacks pose in today's environments.