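# Signature name prefixes used by AV engines for attack-tool / exploit /
# password-stealer families. Kept in the casing the rule author supplied.
_SIGNATURE_PREFIXES = (
    "ATK/",
    "Exploit.Script.CVE",
    "HKTL",
    "HTOOL",
    "PWS.",
    "PWSX",
    "SecurityTool",
)

# Substrings naming offensive-security tooling (C2 frameworks, credential
# dumpers, AD reconnaissance tools, loaders). "SecurityTool" is also listed as
# a prefix above; it is kept in both lists to mirror the original rule.
_SIGNATURE_KEYWORDS = (
    "Adfind",
    "Brutel",
    "BruteR",
    "Cobalt",
    "COBEACON",
    "Cometer",
    "DumpCreds",
    "FastReverseProxy",
    "Hacktool",
    "Havoc",
    "Impacket",
    "Keylogger",
    "Koadic",
    "Mimikatz",
    "Nighthawk",
    "PentestPowerShell",
    "Potato",
    "PowerSploit",
    "PowerSSH",
    "PshlSpy",
    "PSWTool",
    "PWCrack",
    "PWDump",
    "Rozena",
    "Rusthound",
    "Sbelt",
    "Seatbelt",
    "SecurityTool",
    "SharpDump",
    "SharpHound",
    "Shellcode",
    "Sliver",
    "Snaffler",
    "SOAPHound",
    "Splinter",
    "Swrort",
    "TurtleLoader",
)

# Lower-cased once at import time so each event costs one .lower() call.
_PREFIXES_LOWER = tuple(prefix.lower() for prefix in _SIGNATURE_PREFIXES)
_KEYWORDS_LOWER = tuple(keyword.lower() for keyword in _SIGNATURE_KEYWORDS)


def rule(event):
    """Return True when the event's ``Signature`` names a known hack tool.

    The signature matches if it starts with one of ``_SIGNATURE_PREFIXES`` or
    contains one of ``_SIGNATURE_KEYWORDS``.

    Matching is case-insensitive. AV vendors do not agree on casing (Microsoft
    Defender, for example, reports the family prefix as ``HackTool:``), so a
    case-sensitive compare against ``"Hacktool"`` silently misses those
    detections.

    Args:
        event: Log event exposing ``deep_get(key, default=...)``.

    Returns:
        bool: True if the signature matches a prefix or keyword, else False.
        A missing ``Signature`` yields False via the empty-string default.
    """
    # Read the field once instead of once per pattern.
    signature = event.deep_get("Signature", default="").lower()

    # str.startswith accepts a tuple, so all prefixes are tested in one call.
    if signature.startswith(_PREFIXES_LOWER):
        return True
    return any(keyword in signature for keyword in _KEYWORDS_LOWER)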
