TA444, also known as Sapphire Sleet, BLUENOROFF, or STARDUST CHOLLIMA, is linked in the excerpt to CosmicRust, a Rust-based Mach-O backdoor described as less mature than RustBucket. The sample uses WebSockets for communications, carries an ad-hoc signature identifier tied to "bot_client," and reuses paths previously seen in TA444 samples. Visible Rust symbols expose host-information and command-handling functions such as architecture, boot time, current directory, version, string encoding/decoding, request processing, and response processing. The excerpt provides a YARA rule using Mach-O headers, bot_client/basicinfo strings, function-name strings, and several hashes to track CosmicRust samples.