alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Metasploit -Java Atomic Exploit Downloaded"; flow:established,to_client; file_data; content:"PK"; within:2; content:"msf|2f|x|2f|"; distance:0; classtype:bad-unknown; sid:2016028; rev:2; metadata:affected_product Any, attack_target Client_and_Server, created_at 2012_12_13, deployment Perimeter, deployment Internet, deployment Internal, deployment Datacenter, signature_severity Critical, tag Metasploit, updated_at 2019_07_26;)