This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects payload activity of metasploit web delivery module.
The attacker fires up a web server that serves a payload, when an attacker has physical access to the target machine, a simple command can load a waiting payload in a remote server via HTTP. This payload is loaded in memory and does not write to the disk so it potentially evade AV detections.