alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT DRIVEBY Java Atomic Exploit Downloaded"; flow:established,from_server; flowbits:isset,ET.http.javaclient; file_data; content:"PK"; within:2; content:",CAFEBABE00000030007A0A002500300A003100320700"; distance:0; classtype:exploit-kit; sid:2014295; rev:6; metadata:affected_product Any, attack_target Client_Endpoint, created_at 2012_02_29, deployment Perimeter, signature_severity Major, tag DriveBy, updated_at 2019_07_26;)