alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DELETED Adobe Flash 0Day Exploit Attempt"; flow:established,from_server; content:"CWS|09|"; content:"|BA D5 19 5D 86 67 D5 8E 7F BC D0 3C 6E D8 E2 17 16 E8 3A 9F CF 59 B8 7B F6|"; distance:16; reference:url,www.exploit-db.com/exploits/13787/; classtype:misc-attack; sid:2011672; rev:4; metadata:created_at 2010_07_30, signature_severity Unknown, updated_at 2019_07_26;)