alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Possible Metasploit Java Exploit"; flow:established,to_client; file_data; flowbits:isset,ET.http.javaclient; content:"xploit.class"; nocase; fast_pattern; reference:url,blog.sucuri.net/2012/08/java-zero-day-in-the-wild.html; reference:url,metasploit.com/modules/exploit/multi/browser/java_jre17_exec; classtype:trojan-activity; sid:2015658; rev:6; metadata:affected_product Any, attack_target Client_and_Server, created_at 2012_08_29, deployment Perimeter, deployment Internet, deployment Internal, deployment Datacenter, confidence Medium, signature_severity Critical, tag Metasploit, updated_at 2019_10_08;)