alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT_KIT KaiXin EK Jar URI Struct"; flow:established,to_server; http.uri; content:".jar"; pcre:"/(?:\/[A-Z][a-z][A-Z][a-z][A-Z][a-z]|(?:b(?:m(?:nw|wn)|n(?:mw|wm)|w(?:mn|nm))|m(?:b(?:nw|wn)|n(?:bw|wb)|w(?:bn|nb))|n(?:b(?:mw|wm)|m(?:bw|wb)|w(?:bm|mb))|w(?:b(?:mn|nm)|m(?:bn|nb)|n(?:bm|mb))))\.jar$/"; http.user_agent; content:"Java/1."; fast_pattern; classtype:exploit-kit; sid:2020476; rev:4; metadata:created_at 2015_02_19, confidence High, signature_severity Major, updated_at 2020_05_15;)