user@threatcheck.sh ~ threat-analysis
bash
$ analyze-threat Backdoor:Linux/Mirai.AM!xp
Backdoor:Linux/Mirai.AM!xp - Windows Defender threat signature analysis

Backdoor:Linux/Mirai.AM!xp - Windows Defender Threat Analysis

$ cat analysis.txt
=== THREAT ANALYSIS REPORT ===
Threat Name: Backdoor:Linux/Mirai.AM!xp
Classification:
Type:Backdoor
Platform:Linux
Family:Mirai
Detection Type:Concrete
Known malware family with identified signatures
Variant:AM
Specific signature variant within the malware family
Suffix:!xp
Confidence:Very High
False-Positive Risk:Low

Concrete signature match: Backdoor - Provides unauthorized remote access for Linux platform, family Mirai

Summary:

This detection identifies a variant of the Mirai botnet malware targeting Linux systems. The threat functions as a backdoor, allowing a remote attacker to control the compromised device and incorporate it into a botnet used for launching Distributed Denial-of-Service (DDoS) attacks.

Severity:
Critical
VDM Static Detection:
No specific strings found for this threat
YARA Rule:
rule Backdoor_Linux_Mirai_AM_2147817829_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Backdoor:Linux/Mirai.AM!xp"
        threat_id = "2147817829"
        type = "Backdoor"
        platform = "Linux: Linux platform"
        family = "Mirai"
        severity = "Critical"
        info = "xp: an internal category used to refer to some threats"
        signature_type = "SIGNATURE_TYPE_ELFHSTR_EXT"
        threshold = "4"
        strings_accuracy = "High"
    strings:
        $x_1_1 = "/etc/resolv.conf" ascii //weight: 1
        $x_1_2 = "egvnmacnkr" ascii //weight: 1
        $x_1_3 = "nmnlmevdm" ascii //weight: 1
        $x_1_4 = "hlLjztqZ" ascii //weight: 1
        $x_1_5 = "npxXoudifFeEgGaACScs" ascii //weight: 1
    condition:
        (filesize < 20MB) and
        (4 of ($x*))
}
Known malware which is associated with this threat:
Filename: ecco.x86
103907e6ca47f6bbe07532ba717b2b96cfd763c8e73c9de04745116ee65e9ca6
10/12/2025
VirusTotalDownload Sample
Filename: ecco.x86
e9b58b2dad6fb776f552531315be6262e62c58e9892e4b62d82a1ee0dbe3d815
10/12/2025
VirusTotalDownload Sample
Filename: ecco.arm
088780c4d0f72eda2d08bc53f82f7d10d418550fce58abc1232d0957da611970
10/12/2025
VirusTotalDownload Sample
Filename: ecco.mips
a43e7cc68d7207ffa403fa33347aab9e1c5f6789b631e07663e88bf20e9c3bc9
10/12/2025
VirusTotalDownload Sample
Filename: ecco.arc
ef24158ad8b15653332d0d4da39959653192ada5f87495c213a15d005a84c7e9
10/12/2025
VirusTotalDownload Sample
Remediation Steps:
Isolate the affected device from the network immediately. Perform a factory reset or re-flash the device's firmware to ensure complete removal. Before reconnecting, change all default credentials to strong, unique passwords and apply all available security updates.
=== END REPORT ===
$ reanalyze-threat
This analysis was last updated on 16/11/2025. Do you want to analyze it again?
$ ls available-commands/
→ cd /home
user@threatcheck.sh:~$