alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT Nuclear EK Landing Dec 03 2014"; flow:established,from_server; file_data; content:"=|22|replace|22 3b 27 29 3b|"; content:"|7b 41 3d 5b 5b 61 5d 2c 5b 65 76 61 6c 5d 5d 3b 7d 41 5b 31 5d 5b 30 5d 28 41 5b 30 5d 5b 30 5d 29 3b|"; classtype:exploit-kit; sid:2019874; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2014_12_04, deployment Perimeter, malware_family Nuclear, confidence High, signature_severity Critical, tag Exploit_Kit, tag Nuclear, updated_at 2019_07_26;)