alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT DRIVEBY FlashPack Plugin-Detect May 13 2014"; flow:from_server,established; file_data; content:"javarhino"; fast_pattern; nocase; pcre:"/^[\x22\x27]/R"; content:"javaimage"; pcre:"/^[\x22\x27]/R"; content:"javadb"; pcre:"/^[\x22\x27]/R"; content:"getVersion"; content:"SilverLight"; classtype:exploit-kit; sid:2018472; rev:2; metadata:affected_product Any, attack_target Client_Endpoint, created_at 2014_05_14, deployment Perimeter, signature_severity Major, tag DriveBy, updated_at 2019_07_26;)