alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT_KIT FlashPack EK Exploit Flash Post Aug 25 2014"; flow:established,to_server; http.method; content:"POST"; http.uri; content:".php"; http.request_body; content:"id="; depth:3; content:"&dom=687474703a2f2f"; fast_pattern; content:"2e706870"; pcre:"/^id=[^&]+&dom=687474703a2f2f[a-f0-9]+2e706870\s*?$/s"; classtype:exploit-kit; sid:2019004; rev:3; metadata:created_at 2014_08_26, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_13;)