def rule(event):
    if any(
        [
            any(
                [
                    event.deep_get("Signature", default="").startswith("ASP."),
                    event.deep_get("Signature", default="").startswith("IIS/BackDoor"),
                    event.deep_get("Signature", default="").startswith("JAVA/Backdoor"),
                    event.deep_get("Signature", default="").startswith("JSP."),
                    event.deep_get("Signature", default="").startswith("Perl."),
                    event.deep_get("Signature", default="").startswith("PHP."),
                    event.deep_get("Signature", default="").startswith("Troj/ASP"),
                    event.deep_get("Signature", default="").startswith("Troj/JSP"),
                    event.deep_get("Signature", default="").startswith("Troj/PHP"),
                    event.deep_get("Signature", default="").startswith("VBS/Uxor"),
                ]
            ),
            any(
                [
                    "ASP_" in event.deep_get("Signature", default=""),
                    "ASP:" in event.deep_get("Signature", default=""),
                    "ASP.Agent" in event.deep_get("Signature", default=""),
                    "ASP/" in event.deep_get("Signature", default=""),
                    "Aspdoor" in event.deep_get("Signature", default=""),
                    "ASPXSpy" in event.deep_get("Signature", default=""),
                    "Backdoor.ASP" in event.deep_get("Signature", default=""),
                    "Backdoor.Java" in event.deep_get("Signature", default=""),
                    "Backdoor.JSP" in event.deep_get("Signature", default=""),
                    "Backdoor.PHP" in event.deep_get("Signature", default=""),
                    "Backdoor.VBS" in event.deep_get("Signature", default=""),
                    "Backdoor/ASP" in event.deep_get("Signature", default=""),
                    "Backdoor/Java" in event.deep_get("Signature", default=""),
                    "Backdoor/JSP" in event.deep_get("Signature", default=""),
                    "Backdoor/PHP" in event.deep_get("Signature", default=""),
                    "Backdoor/VBS" in event.deep_get("Signature", default=""),
                    "C99shell" in event.deep_get("Signature", default=""),
                    "Chopper" in event.deep_get("Signature", default=""),
                    "filebrowser" in event.deep_get("Signature", default=""),
                    "JSP_" in event.deep_get("Signature", default=""),
                    "JSP:" in event.deep_get("Signature", default=""),
                    "JSP.Agent" in event.deep_get("Signature", default=""),
                    "JSP/" in event.deep_get("Signature", default=""),
                    "Perl:" in event.deep_get("Signature", default=""),
                    "Perl/" in event.deep_get("Signature", default=""),
                    "PHP_" in event.deep_get("Signature", default=""),
                    "PHP:" in event.deep_get("Signature", default=""),
                    "PHP.Agent" in event.deep_get("Signature", default=""),
                    "PHP/" in event.deep_get("Signature", default=""),
                    "PHPShell" in event.deep_get("Signature", default=""),
                    "PShlSpy" in event.deep_get("Signature", default=""),
                    "SinoChoper" in event.deep_get("Signature", default=""),
                    "Trojan.ASP" in event.deep_get("Signature", default=""),
                    "Trojan.JSP" in event.deep_get("Signature", default=""),
                    "Trojan.PHP" in event.deep_get("Signature", default=""),
                    "Trojan.VBS" in event.deep_get("Signature", default=""),
                    "VBS.Agent" in event.deep_get("Signature", default=""),
                    "VBS/Agent" in event.deep_get("Signature", default=""),
                    "Webshell" in event.deep_get("Signature", default=""),
                ]
            ),
        ]
    ):
        return True
    return False
