Concrete signature match: Backdoor - Provides unauthorized remote access for Linux platform, family Mirai
Backdoor:Linux/Mirai.AT!xp is a variant of the Mirai botnet targeting Linux systems, typically embedded and IoT devices. It opens a backdoor for remote command and control, allowing the operators to enlist the compromised device in a botnet used for DDoS attacks. The strings in the signature below reference FTP-configuration CGI endpoints (set_ftp.cgi, ftptest.cgi) of the kind exposed by some embedded device web interfaces, which suggests this variant probes or abuses such management interfaces while propagating.
rule Backdoor_Linux_Mirai_AT_2147819147_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Backdoor:Linux/Mirai.AT!xp"
        threat_id = "2147819147"
        type = "Backdoor"
        platform = "Linux: Linux platform"
        family = "Mirai"
        severity = "Critical"
        info = "xp: an internal category used to refer to some threats"
        signature_type = "SIGNATURE_TYPE_ELFHSTR_EXT"
        threshold = "3"
        strings_accuracy = "High"
    strings:
        $x_1_1 = "g1abc4dmo35hnp2lie0kjf" ascii //weight: 1
        $x_1_2 = "GET /set_ftp.cgi" ascii //weight: 1
        $x_1_3 = "upload_interval=0" ascii //weight: 1
        $x_1_4 = "GET /ftptest.cgi" ascii //weight: 1
    condition:
        (filesize < 20MB) and
        (3 of ($x*))
}

Immediately isolate the affected Linux system from the network. Perform a full scan with updated security software to remove the threat, review system logs for signs of further compromise, patch all known vulnerabilities, and change any default or weak credentials: Mirai and its variants propagate by logging in to devices with default or weak credentials (and, in later variants, by exploiting known device vulnerabilities), so a device that is cleaned but not re-credentialed is quickly reinfected. Consider rebuilding the system, or reflashing the device firmware, if deep compromise is suspected.
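The rule's condition is a simple threshold over four ASCII strings, bounded by a file size. The following is an added example, not code from the original page or from threatcheck.sh: it re-implements that condition in plain Python so the threshold behaviour can be stepped through without a YARA install, and adds one caveat the rule itself does not enforce. The `is_elf` filter, the `scan_file` helper and every sample buffer are assumptions constructed for illustration; none of the buffers is real malware.

```python
"""Emulation of the matching logic in Backdoor_Linux_Mirai_AT_2147819147_0.

Added example; not code from the original page or from threatcheck.sh. It
re-implements the rule's condition (four ASCII strings, "3 of ($x*)",
filesize < 20MB) so the threshold behaviour can be studied without YARA.
All sample buffers are constructed here for illustration; none is malware.
"""
from pathlib import Path

MAX_FILESIZE = 20 * 1024 * 1024   # YARA's 20MB literal is 20 * 2**20 bytes
THRESHOLD = 3                     # "3 of ($x*)"
ELF_MAGIC = b"\x7fELF"

# The $x_* strings from the rule, each with weight 1.
SIGNATURE_STRINGS = {
    "$x_1_1": b"g1abc4dmo35hnp2lie0kjf",
    "$x_1_2": b"GET /set_ftp.cgi",
    "$x_1_3": b"upload_interval=0",
    "$x_1_4": b"GET /ftptest.cgi",
}


def matched_strings(data: bytes) -> list[str]:
    """Identifiers of the signature strings that occur anywhere in data."""
    return [name for name, needle in SIGNATURE_STRINGS.items() if needle in data]


def rule_matches(data: bytes) -> bool:
    """The rule's condition: filesize < 20MB and at least THRESHOLD distinct strings.

    Like the YARA rule, this does not check the ELF header: the strings are
    plain HTTP request fragments, so a text capture of the bot's traffic
    (or a web server log) satisfies the condition as well.
    """
    if len(data) >= MAX_FILESIZE:
        return False
    return len(matched_strings(data)) >= THRESHOLD


def is_elf(data: bytes) -> bool:
    """Triage filter (assumed, not part of the rule): the signature type name
    says it was written for ELF files, so a non-ELF hit deserves a closer look."""
    return data[:4] == ELF_MAGIC


def scan_file(path: str) -> dict:
    """Apply the emulated rule to a file on disk (helper assumed for illustration)."""
    data = Path(path).read_bytes()
    return {
        "path": path,
        "matches": rule_matches(data),
        "strings": matched_strings(data),
        "is_elf": is_elf(data),
    }


def constructed_sample(*fragments: bytes, elf: bool = True) -> bytes:
    """Fabricate a small file: an ELF (or shell-script) header, filler, and the fragments."""
    header = (ELF_MAGIC + b"\x01\x01\x01" if elf else b"#!/bin/sh\n   ") + b"\x00" * 12
    return header + b"\x00" * 64 + b"\n".join(fragments) + b"\x00" * 64


def demo() -> dict[str, bool]:
    """Walk the condition over constructed inputs; each key names what it shows."""
    three_hits = constructed_sample(b"GET /set_ftp.cgi HTTP/1.0", b"upload_interval=0", b"GET /ftptest.cgi")
    two_hits = constructed_sample(b"GET /set_ftp.cgi HTTP/1.0", b"GET /ftptest.cgi")
    oversized = three_hits + b"\x00" * MAX_FILESIZE
    # Same three fragments, but in a non-ELF text file such as a traffic capture.
    text_capture = constructed_sample(b"GET /set_ftp.cgi HTTP/1.0", b"upload_interval=0",
                                      b"GET /ftptest.cgi", elf=False)
    return {
        "three_strings_match": rule_matches(three_hits),           # True
        "two_strings_below_threshold": rule_matches(two_hits),     # False
        "oversized_file_excluded": rule_matches(oversized),        # False
        "text_capture_also_matches": rule_matches(text_capture),   # True: rule has no ELF check
        "text_capture_is_elf": is_elf(text_capture),               # False: triage filter separates it
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

To run the original rule rather than this emulation, save it to a `.yar` file and invoke `yara -s rule.yar <path>`; `-s` prints which strings matched, which is what you want when deciding whether a hit on a non-ELF file is a real sample or a captured request.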