yara/rules/Linux_Exploit_Race.yar (19 lines of code) (raw):

// Matches any scanned file or memory region that contains one fixed 20-byte
// sequence ($a). The meta section labels a hit as "Linux.Exploit.Race".
rule Linux_Exploit_Race_758a0884 {
    // meta values are descriptive only; YARA does not evaluate them when matching.
    meta:
        author = "Elastic Security"
        id = "758a0884-0174-46c8-a57a-980fc04360d0"
        // NOTE(review): presumably a digest of the rule logic kept in sync by the
        // publisher's tooling; confirm before editing strings or condition by hand.
        fingerprint = "3516086ae773ec1c1de75a54bafbb72ad49b4c7f1661961d5613462b53f26c43"
        creation_date = "2021-01-12"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.Race"
        // 64 hex characters; presumably the SHA-256 of the sample the pattern was taken from.
        reference_sample = "a4966baaa34b05cb782071ef114a53cac164e6dece275c862fe96a2cff4a6f06"
        // NOTE(review): the highest-looking severity rests on a single short pattern
        // made mostly of zero bytes; validate against a known-good corpus before
        // tying a hit to automated response.
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        // Bytes `18 85 04 08` read little-endian as 0x08048518.
        // NOTE(review): this looks like a fragment of 32-bit ELF symbol-table data
        // holding a fixed address from the reference build (confirm). If so, the
        // signature is tied to that build's layout and a recompiled variant would
        // not match; treat a miss as "not this build", not as "clean".
        $a = { 00 22 00 00 00 36 00 00 00 18 85 04 08 34 00 00 00 12 00 00 }
    condition:
        // Only $a is defined, so this is equivalent to `$a`. There is no header,
        // offset or filesize constraint: the pattern may match at any position.
        all of them
}