Backdoor:Linux/Mirai.GC!MTB

user@threatcheck.sh ~ threat-analysis

bash

$ analyze-threat Backdoor:Linux/Mirai.GC!MTB

Backdoor:Linux/Mirai.GC!MTB - Windows Defender threat signature analysis

$ cat analysis.txt

=== THREAT ANALYSIS REPORT ===

Threat Name: Backdoor:Linux/Mirai.GC!MTB

Classification:

Type:Backdoor

Platform:Linux

Family:Mirai

Detection Type:Concrete

Known malware family with identified signatures

Variant:GC

Specific signature variant within the malware family

Suffix:!MTB

Detected via machine learning and behavioral analysis

Detection Method:Behavioral

Confidence:Very High

False-Positive Risk:Low

Concrete signature match: Backdoor - Provides unauthorized remote access for Linux platform, family Mirai

Summary:

This detection identifies a backdoor from the Mirai malware family, which targets Linux systems and IoT devices. The malware spreads by scanning for weak or default credentials, then enlists the compromised device into a botnet to launch Distributed Denial-of-Service (DDoS) attacks.

Severity:

Medium

VDM Static Detection:

No specific strings found for this threat

YARA Rule:

rule Backdoor_Linux_Mirai_GC_2147906930_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Backdoor:Linux/Mirai.GC!MTB"
        threat_id = "2147906930"
        type = "Backdoor"
        platform = "Linux: Linux platform"
        family = "Mirai"
        severity = "Critical"
        info = "MTB: Microsoft Threat Behavior"
        signature_type = "SIGNATURE_TYPE_ELFHSTR_EXT"
        threshold = "5"
        strings_accuracy = "Low"
    strings:
        $x_5_1 = {21 30 60 01 21 58 80 01 21 60 e0 00 21 38 60 00 c0 1a 06 00 c2 2c 07 00 26 18 c3 00 26 28 e5 00 26 28 65 00 04 00 02 29 02 1a 03 00 21 20 60 00 ef ?? ?? ?? 26 18 65 00 0b ?? ?? ?? 26 18 85 00 00 00 43 a5 fe ff 08 25}  //weight: 5, accuracy: Low
    condition:
        (filesize < 20MB) and
        (all of ($x*))
}

Known malware which is associated with this threat:

Filename: nwfaiehg4ewijfgriehgirehaughrarg.mpsl

a51606ed78898e9c9c465f01c197335e50f9863dbff41af52e122c732b1e30a9

11/12/2025

→VirusTotal ↓Download Sample

Filename: mipsel

943eaf398ab7e9767c727a429a772f924770599b1569868539829757e38db6db

10/12/2025

→VirusTotal ↓Download Sample

Filename: mipsel

16c13cf78b693ea690d003c1f9bf165506f18410f67d5bb16b37e7639db66b4c

08/12/2025

→VirusTotal ↓Download Sample

Filename: mipsel

2fd90bbaab1ce30ab88a66501fc52510c8be8011e4a56f5317ee1d31b27869bd

08/12/2025

→VirusTotal ↓Download Sample

Filename: mipsel

70d80400381f3d335ff56918f4e48b7a9d9f66833cfde49f5ea66fa9ba1915c5

07/12/2025

→VirusTotal ↓Download Sample

Remediation Steps:

Isolate the affected Linux system or device from the network immediately. Identify and remove the malicious process and associated files; for IoT devices, a factory reset may be necessary. Harden the device by changing all default credentials, disabling unnecessary services like Telnet, and applying a restrictive firewall policy.

=== END REPORT ===

$ reanalyze-threat

This analysis was last updated on 08/11/2025. Do you want to analyze it again?

$ ls available-commands/

→ cd /home

user@threatcheck.sh:~$ ▊

Backdoor:Linux/Mirai.GC!MTB - Windows Defender Threat Analysis