alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Possible Metasploit Java Payload"; flow:established,to_client; flowbits:isset,ET.http.javaclient; file_data; content:"Payload.class"; nocase; fast_pattern; reference:url,blog.sucuri.net/2012/08/java-zero-day-in-the-wild.html; reference:url,metasploit.com/modules/exploit/multi/browser/java_jre17_exec; classtype:trojan-activity; sid:2015657; rev:5; metadata:affected_product Any, attack_target Client_and_Server, created_at 2012_08_29, deployment Perimeter, deployment Internet, deployment Internal, deployment Datacenter, confidence Medium, signature_severity Critical, tag Metasploit, updated_at 2019_10_08;)