alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT Nuclear EK Gate Injected iframe Oct 22 2014"; flow:established,from_server; file_data; content:"|2f 2a 0a 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 32 30 30 37 20 46 72 65 65 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 2c 20 49 6e 63 2e 20 68 74 74 70 3a 2f 2f 66 73 66 2e 6f 72 67 2f 0a 2a 2f 0a 66 75 6e 63 74 69 6f 6e 20 67 65 74 43 6f 6f 6b 69 65 28 65 29|"; within:93; fast_pattern; classtype:exploit-kit; sid:2019497; rev:3; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2014_10_23, deployment Perimeter, malware_family Nuclear, confidence High, signature_severity Critical, tag Exploit_Kit, tag Nuclear, updated_at 2022_03_17;)