alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT_KIT Archie EK CVE-2014-0515 Aug 24 2014"; flow:established,to_server; content:"GET"; http_method; content:"flashhigh.swf"; fast_pattern:only; http_uri; pcre:"/^\/(?:pruncd)?flashhigh\.swf$/U"; classtype:exploit-kit; sid:2018995; rev:4; metadata:created_at 2014_08_25, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)