alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE [Flashpoint] Possible CVE-2018-4878 Check-in"; flow:established,to_server; http.uri; content:"?id="; nocase; content:"&fp_vs="; nocase; distance:0; fast_pattern; content:"&os_vs="; nocase; distance:0; reference:url,www.flashpoint-intel.com/blog/targeted-attacks-south-korean-entities/; reference:cve,2018-4878; classtype:trojan-activity; sid:2025305; rev:4; metadata:created_at 2018_02_02, cve CVE_2018_4878, confidence Medium, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_08_24;)