Backdoor:Linux/Mirai.E!xp - Windows Defender threat signature analysis

=== THREAT ANALYSIS REPORT ===
Threat Name: Backdoor:Linux/Mirai.E!xp
Classification:
Type: Backdoor
Platform: Linux
Family: Mirai
Detection Type: Concrete (known malware family with identified signatures)
Variant: E (specific signature variant within the malware family)
Suffix: !xp
Confidence: Very High
False-Positive Risk: Low

Concrete signature match: Backdoor (provides unauthorized remote access) on the Linux platform, family Mirai

Summary:

Backdoor:Linux/Mirai.E!xp is a variant of the infamous Mirai botnet malware that targets Linux systems and IoT devices. It compromises devices to absorb them into a botnet, which is then used to launch large-scale Distributed Denial of Service (DDoS) attacks. This concrete detection is based on specific network traffic patterns, indicating an active infection or scanning attempt.

Severity: Critical
VDM Static Detection:
Relevant strings associated with this threat:
Known malware associated with this threat:
Remediation Steps:
Immediately isolate the affected Linux device from the network. For IoT devices, reboot or factory reset the device and change the default administrator password to a strong, unique one. For servers, investigate and remove the malicious files and any persistence, or restore from a known-clean backup after hardening all credentials.
=== END REPORT ===
This analysis was last updated on 06/11/2025.