Versions (6)
Version DetailsCurrent
Rev: 4 • Feb 2, 2018, 12:00 PMET MALWARE [Flashpoint] Possible CVE-2018-4878 Check-in
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE [Flashpoint] Possible CVE-2018-4878 Check-in"; flow:established,to_server; http.uri; content:"?id="; nocase; content:"&fp_vs="; nocase; distance:0; fast_pattern; content:"&os_vs="; nocase; distance:0; reference:url,www.flashpoint-intel.com/blog/targeted-attacks-south-korean-entities/; reference:cve,2018-4878; classtype:trojan-activity; sid:2025305; rev:4; metadata:created_at 2018_02_02, cve CVE_2018_4878, confidence Medium, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_08_24;)
Feb 2, 2018, 12:00 PM
Aug 24, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 29, 2025, 9:34 PM
rules/emerging-malware.rules