alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT_KIT BleedingLife Exploit Kit SWF Exploit Request"; flow:established,to_server; content:"/modules/"; http_uri; depth:9; content:".swf"; http_uri; distance:1; within:5; pcre:"/^\x2Fmodules\x2F(?:n[u3]|1|2)\x2Eswf$/U"; reference:url,vrt-blog.snort.org/2014/06/the-never-ending-exploit-kit-shift.html; reference:cve,2013-0634; reference:cve,2014-0515; classtype:exploit-kit; sid:2018563; rev:2; metadata:created_at 2014_06_13, signature_severity Major, updated_at 2019_07_26;)