Concrete signature match: Backdoor - Provides unauthorized remote access for Linux platform, family SAgnt
Backdoor:Linux/SAgnt.D!MTB is a trojan that grants attackers remote access and control over a compromised Linux system. It establishes a backdoor for command execution and data exfiltration. The detection is based on a high-confidence machine learning model observing malicious behavior.
Relevant strings associated with this threat:
- |#d1e49aac-8f56-4280-b9ba-993a6d77406c (NID)
- }#d1e49aac-8f56-4280-b9ba-993a6d77406c (NID)
- &|#b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 (NID)
- &}#b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 (NID)
- C|#be9ba2d9-53ea-4cdc-84e5-9b1eeee46550 (NID)
- C}#be9ba2d9-53ea-4cdc-84e5-9b1eeee46550 (NID)
- |#5beb7efe-fd9a-4556-801d-275e5ffc04cc (NID)
- }#5beb7efe-fd9a-4556-801d-275e5ffc04cc (NID)
- |#01443614-cd74-433a-b99e-2ecdc07bfc25 (NID)
- }#01443614-cd74-433a-b99e-2ecdc07bfc25 (NID)
- |#d3e037e1-3eb8-44c8-a917-57927947596d (NID)
- }#d3e037e1-3eb8-44c8-a917-57927947596d (NID)
- |#92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b (NID)
- }#92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b (NID)
- |#c1db55ab-c21a-4637-bb3f-a12568109d35 (NID)
- }#c1db55ab-c21a-4637-bb3f-a12568109d35 (NID)
- |#26190899-1602-49e8-8b27-eb1d0a1ce869 (NID)
- }#26190899-1602-49e8-8b27-eb1d0a1ce869 (NID)
- |#e6db77e5-3df2-4cf1-b95a-636979351e5b (NID)
- }#e6db77e5-3df2-4cf1-b95a-636979351e5b (NID)
Associated hash: b33d468641a0d3c897e571426804c65daae3ed939eab4126c3aa3fa8531de5e8

Immediately isolate the affected Linux system from the network. Investigate the initial compromise vector, persistence mechanisms (cron jobs, services), and any created artifacts. Remove the identified malicious files and, if necessary, restore the system from a trusted backup. Finally, rotate all credentials and harden system configurations.