Backdoor:Linux/Mirai.EK!MTB - Windows Defender Threat Analysis

=== THREAT ANALYSIS REPORT ===
Threat Name: Backdoor:Linux/Mirai.EK!MTB
Classification:
  Type: Backdoor
  Platform: Linux
  Family: Mirai
  Detection Type: Concrete (known malware family with identified signatures)
  Variant: EK (specific signature variant within the malware family)
  Suffix: !MTB (detected via machine learning and behavioral analysis)
  Detection Method: Behavioral
  Confidence: Very High
  False-Positive Risk: Low

Concrete signature match: Backdoor (provides unauthorized remote access), Linux platform, Mirai family

Summary:

This detection identifies a Linux backdoor from the Mirai botnet family, flagged through machine-learning behavioral analysis. The malware compromises the device, enrolls it in a botnet, and uses it for malicious activity such as participating in large-scale Distributed Denial of Service (DDoS) attacks.

Severity: Medium
VDM Static Detection: No specific strings found for this threat
YARA Rule:
rule Backdoor_Linux_Mirai_EK_2147902389_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Backdoor:Linux/Mirai.EK!MTB"
        threat_id = "2147902389"
        type = "Backdoor"
        platform = "Linux: Linux platform"
        family = "Mirai"
        severity = "Critical"
        info = "MTB: Microsoft Threat Behavior"
        signature_type = "SIGNATURE_TYPE_ELFHSTR_EXT"
        threshold = "4"
        strings_accuracy = "High"
    strings:
        $x_2_1 = {7f e0 fe 70 83 81 00 10 7c 03 fa 78 83 a1 00 14 7c 63 00 50 80 01 00 24 7c 63 fe 70 83 e1 00 1c 7f c3 18 38 7c 08 03 a6 83 c1 00 18 38 21 00 20}  //weight: 2, accuracy: High
        $x_2_2 = {7c 08 02 a6 94 21 ff f0 93 e1 00 0c 7c 7f 1b 78 90 01 00 14 88 03 00 00 38 60 00 01 2f 80 00 00 41 9e 00 1c 7f e9 fb 78}  //weight: 2, accuracy: High
    condition:
        (filesize < 20MB) and
        (all of ($x*))
}
Known malware associated with this threat:
Filename   SHA-256                                                            Date
splppc     ad61123bc509872ca8d35c77edb8b43717892d39b90da7b2224dbf3fcbdda251   10/12/2025
nabppc     2e1b81ee5683d4d6c3250383ca677efb0dd1a9950a394865e94465e1f4e575da   10/12/2025
ppc        9d4717706b6be74ee174eea59f6858452af5cb2bdba862e6b8c9428f638552bb   10/12/2025
ppc        bb6181307f918d4fc13bfe82d0df7e722480e13940d373c623f77e9611db6f54   17/11/2025
Remediation Steps:
Immediately isolate the affected Linux device from the network to prevent further malicious activity. Remove the detected malicious file and any associated persistence mechanisms. Change all system credentials, disable unnecessary services (especially Telnet), and ensure the device is fully patched.
=== END REPORT ===
Last updated: 17/11/2025