Backdoor:Linux/Mirai.EL!MTB - Windows Defender threat signature analysis

=== THREAT ANALYSIS REPORT ===
Threat Name: Backdoor:Linux/Mirai.EL!MTB
Classification:
Type: Backdoor
Platform: Linux
Family: Mirai
Detection Type: Concrete (known malware family with identified signatures)
Variant: EL (specific signature variant within the malware family)
Suffix: !MTB (detected via machine learning and behavioral analysis)
Detection Method: Behavioral
Confidence: Very High
False-Positive Risk: Low

Concrete signature match: Backdoor (provides unauthorized remote access), Linux platform, family Mirai

Summary:

This detection identifies a backdoor associated with the Mirai botnet, a malware family that targets Linux systems. The malware's primary goal is to enslave the compromised device into a network of bots used for launching large-scale Distributed Denial-of-Service (DDoS) attacks.

Severity:
Medium
VDM Static Detection:
No specific strings found for this threat
YARA Rule:
rule Backdoor_Linux_Mirai_EL_2147903137_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Backdoor:Linux/Mirai.EL!MTB"
        threat_id = "2147903137"
        type = "Backdoor"
        platform = "Linux: Linux platform"
        family = "Mirai"
        severity = "Critical"
        info = "MTB: Microsoft Threat Behavior"
        signature_type = "SIGNATURE_TYPE_ELFHSTR_EXT"
        threshold = "11"
        strings_accuracy = "High"
    strings:
        $x_10_1 = {73 68 73 74 72 74 61 62 00 2e 69 6e 69 74 00 2e 74 65 78 74 00 2e 66 69 6e 69 00 2e 72 6f 64 61 74 61 00 2e 63 74 6f 72 73 00 2e 64 74 6f 72 73 00 2e 64 61 74 61 2e 72 65 6c 2e 72 6f 00 2e 64 61 74 61 00 2e 67 6f 74 00 2e 73 62 73 73 00 2e 62 73 73 00 2e 6d 64 65 62 75 67 2e 61 62 69 33 32}  //weight: 10, accuracy: High
        $x_10_2 = {18 8f bf 08 a4 8f be 08 a0 8f b7 08 9c 8f b6 08 98 8f b5 08 94 8f b4 08 90 8f b3 08 8c 8f b2 08 88 8f b1 08 84 8f b0 08 80 03 e0 00 08 27 bd 08 a8 34 42 08 08 10 00 fe e0 af a2 08 70 3c 02 40 06 34 42 40 06 10 00 fe dc af a2 08 70 34 42 2a 2a 10 00 fe d9 af a2 08 70 1a 60 ff 78 02 37 b0 21 10 00 ff 79 af a0 00 20 2c a2 00}  //weight: 10, accuracy: High
        $x_1_3 = "/tmp/condinetwork" ascii //weight: 1
        $x_1_4 = "99?*.`z.?\".u2.76v;**639;.354u\"2.76q\"76v;**639;.354u\"76a+gjtcv37;=?u-?8*vpupa+gjtbZ" ascii //weight: 1
    condition:
        (filesize < 20MB) and
        (
            ((1 of ($x_10_*) and 1 of ($x_1_*))) or
            ((2 of ($x_10_*))) or
            (all of ($x*))
        )
}
Known malware associated with this threat:
Filename: jew.mips
SHA-256: 122d0143bba4f82e406eced635573b094ce6ba17cf2d141637b7f5f9a7a81c36
Date: 04/12/2025
Filename: jew.mips
SHA-256: 27b4f94db3d278b134ab4e34de9bd8b4cdd8f2b64e326283b7d225f319758a4d
Date: 02/12/2025
SHA-256: 032cbacf5e6a63a99b66507a07619c4a64edf49baf30c37bbf45d9dcdf5e3720
Date: 09/11/2025
Remediation Steps:
Isolate the affected system from the network. Identify and remove the malicious file; on a host where Windows Defender raised this detection it is most likely inside a WSL environment, a container, or a mounted Linux filesystem. Rebuild the affected Linux environment from a trusted source, change all default or weak credentials (the Mirai family spreads by credential brute-forcing), and ensure the system is fully patched.
=== END REPORT ===
This analysis was last updated on 09/11/2025.