Common Information
Value:
rule CISA_10452108_03 : backdoor communicates_with_c2 installs_other_components {
	meta:
		Author = "CISA Code & Media Analysis"
		Incident = "10452108"
		Date = "2023-06-20"
		Last_Modified = ""
		Actor = "n/a"
		Family = "n/a"
		Capabilities = "communicates-with-c2 installs-other-components"
		Malware_Type = "backdoor"
		Tool_Type = "unknown"
		Description = "Detects malicious Linux reverse shell samples"
		SHA256_1 = "2a5de691243f2b91f164c3021c157fbd783b4f3e7d5f5950182e52ec868cd40b"
	strings:
		$s0 = { 6F 47 68 37 6F 68 63 34 }
		$s1 = { 41 6B 65 6F 38 61 68 58 }
		$s2 = { 65 65 71 75 65 69 37 41 30 39 33 30 32 }
	condition:
		all of them
}
Category:
Type: Yara Rule
Misp Type:
Description:
Details: Website, published 2023-07-28, 32 attributes, CTI title: MAR-10454006-r3.v1 Exploit Payload Backdoor | CISA