alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED Angler EK SilverLight Payload Request - May 2014"; flow:established,to_server; urilen:71<>79; content:!"/aHR0c"; depth:6; http_uri; content:!"/Uk0v"; depth:5; http_uri; content:"="; http_uri; offset:71; depth:6; pcre:"/^\/[-a-zA-Z0-9_]{70,75}==?$/U"; reference:url,blogs.cisco.com/security/angling-for-silverlight-exploits/; classtype:exploit-kit; sid:2018497; rev:6; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2014_05_23, deployment Perimeter, malware_family Angler, signature_severity Critical, tag Angler, tag Exploit_Kit, updated_at 2019_07_26;)