alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Obfuscated Base64 in Javascript probably Scalaxy exploit kit"; flow:established,from_server; content:!"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; content:"|2b 2f 3d 22 3b|"; fast_pattern; content:"<<18|7c|"; within:500; content:"<<12|7c|"; within:13; content:"<<6|7c|"; within:13; classtype:exploit-kit; sid:2014027; rev:2; metadata:created_at 2011_12_13, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26, mitre_tactic_id TA0005, mitre_tactic_name Defense_Evasion, mitre_technique_id T1027, mitre_technique_name Obfuscated_Files_or_Information;)