rule Linux_Exploit_CVE_2016_4557_b7e15f5e { meta: author = "Elastic Security" id = "b7e15f5e-73d2-4718-8fac-e6a285b0c73c" fingerprint = "14baf456521fd7357a70ddde9da11f27d17a45d7d12c70a0101d6bdc45e30c74" creation_date = "2022-01-05" last_modified = "2022-01-26" threat_name = "Linux.Exploit.CVE-2016-4557" reference_sample = "bbed2f81104b5eb4a8475deff73b29a350dc8b0f96dcc4987d0112b993675271" severity = 100 arch_context = "x86" scan_context = "file, memory" license = "Elastic License v2" os = "linux" strings: $a = { 2E 20 69 66 20 74 68 69 73 20 77 6F 72 6B 65 64 2C 20 79 6F } condition: all of them }