I am interpreting this as when the Trojan is dropped, it is using the EternalBlue backdoor code minus the SMBv1 exploit code. So the Microsoft EB patch alone would not protect against the backdoor. Most AVs now have a signature for EB. http://www.securityweek.com/banking-trojan-uses-nsa-linked-exploit
Interestingly enough, the new version of this malware has dropped the EB exploit from the coding. Just speculation on my part, but I wonder if the malware group responsible found that their targets have patched systems in place (if not already always in place, the laggards adding it possibly due to Wanna?), so the inclusion of EB would be of no value and would just add an additional IOC for whatever security product to detect (as you pointed out) and alert the user that nastiness is going on.
My take on this is a number of the NSA exploits contain "industrial grade" backdoor code. As such, they are being "reworked" by malware developers to avoid signature detection; the only way to effectively detect them w/o extensive network monitoring.
The new versions are without any double-secret exploit coding, and is now just an effective Jscript-powershell_Tor thingy. You are correct about Network monitoring for this one- the Outbound requests from the Powershell and Tor components will make a Network Monitor light up like a Christmas Tree.