Backdoor:Linux/Mirai.FQ!MTB

user@threatcheck.sh ~ threat-analysis

bash

$ analyze-threat Backdoor:Linux/Mirai.FQ!MTB

Backdoor:Linux/Mirai.FQ!MTB - Windows Defender threat signature analysis

$ cat analysis.txt

=== THREAT ANALYSIS REPORT ===

Threat Name: Backdoor:Linux/Mirai.FQ!MTB

Classification:

Type:Backdoor

Platform:Linux

Family:Mirai

Detection Type:Concrete

Known malware family with identified signatures

Variant:FQ

Specific signature variant within the malware family

Suffix:!MTB

Detected via machine learning and behavioral analysis

Detection Method:Behavioral

Confidence:Very High

False-Positive Risk:Low

Concrete signature match: Backdoor - Provides unauthorized remote access for Linux platform, family Mirai

Summary:

This threat is a backdoor belonging to the Mirai malware family, which targets Linux systems like IoT devices and servers. It infects devices to add them to a botnet, which is then used to conduct large-scale Distributed Denial of Service (DDoS) attacks.

Severity:

Medium

VDM Static Detection:

No specific strings found for this threat

YARA Rule:

rule Backdoor_Linux_Mirai_FQ_2147913422_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Backdoor:Linux/Mirai.FQ!MTB"
        threat_id = "2147913422"
        type = "Backdoor"
        platform = "Linux: Linux platform"
        family = "Mirai"
        severity = "Critical"
        info = "MTB: Microsoft Threat Behavior"
        signature_type = "SIGNATURE_TYPE_ELFHSTR_EXT"
        threshold = "2"
        strings_accuracy = "High"
    strings:
        $x_1_1 = {21 20 83 00 14 00 84 90 02 1e 10 00 02 2a 05 00 00 32 06 00 00 86 10 00 25 18 65 00 25 80 06 02 06 10 82 00 25 18 70 00 21 18 62 00 24 38 67 00 00 ff 64 30 02 16 03 00 02 3a 07 00}  //weight: 1, accuracy: High
        $x_1_2 = {00 86 10 00 25 18 65 00 25 80 06 02 06 10 82 00 25 18 70 00 21 18 62 00 24 38 67 00 00 ff 64 30 02 16 03 00 02 3a 07 00 00 22 04 00 00 1e 03 00 25 10 47 00 25 18 64 00 25 10 43 00}  //weight: 1, accuracy: High
    condition:
        (filesize < 20MB) and
        (all of ($x*))
}

Known malware which is associated with this threat:

Filename: eatmypopcorn

e8b59346af5f2f283878d4064e4c70ba0fcfbd386dad5b69b8bc247a6d74aba9

20/11/2025

→VirusTotal ↓Download Sample

Filename: nigger

5f7eeeca86302a0d5c4e0f4f3dd233d3967130998f0b63e1c0507db91e950ff7

19/11/2025

→VirusTotal ↓Download Sample

Filename: nigger

edc4df341bea11c358e0e7854678a5838781fb8651830b58688da6ce6f6e872d

18/11/2025

→VirusTotal ↓Download Sample

Filename: hidden

4f687fd182ced75bc5b7a3dbfb0f5657f283e4f083f6c761a57f96fe7dce9bd5

18/11/2025

→VirusTotal ↓Download Sample

Filename: hidden

96703b3b56f21d10f0536e5cb868c3ca92109f83ade874248e9475e92cd13d93

16/11/2025

→VirusTotal ↓Download Sample

Remediation Steps:

Isolate the affected Linux system from the network immediately. Perform a full system re-image or factory reset to ensure complete removal. Change all default credentials to strong, unique passwords and disable unnecessary open ports to prevent reinfection.

=== END REPORT ===

$ reanalyze-threat

This analysis was last updated on 08/11/2025. Do you want to analyze it again?

$ ls available-commands/

→ cd /home

user@threatcheck.sh:~$ ▊

Backdoor:Linux/Mirai.FQ!MTB - Windows Defender Threat Analysis