EternalRomance is one of the handful of “exploitation tools” leaked by a group called The Shadow Brokers (TSB) that take advantage of weaknesses in how Windows implemented the Server Message Block (SMB) protocol. Successful exploitation results in a remote code execution (RCE) attack. The ransomware strain known as BadRabbit has used EternalRomance in its campaign. More information can be found in our blogs: BadRabbit: a closer look at the new version of Petya/NotPetya and How threat actors are using SMB vulnerabilities.