alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT TDS Sutra - redirect received"; flow:established,to_client; http.stat_code; content:"302"; http.cookie; content:"=_"; content:"_|3b 20|domain="; distance:1; within:10; fast_pattern; pcre:"/^[a-z]{5}[0-9]{1,2}=_[0-9]{1,2}_/"; classtype:exploit-kit; sid:2014547; rev:7; metadata:created_at 2012_04_12, signature_severity Major, tag TDS, updated_at 2020_10_28;)