Backdoor:Linux/Tusnami.C!MTB - Windows Defender threat signature analysis

=== THREAT ANALYSIS REPORT ===
Threat Name: Backdoor:Linux/Tusnami.C!MTB
Classification:
Type: Backdoor
Platform: Linux
Family: Tusnami
Detection Type: Concrete (known malware family with identified signatures)
Variant: C (specific signature variant within the malware family)
Suffix: !MTB (detected via machine learning and behavioral analysis)
Detection Method: Behavioral
Confidence: Very High
False-Positive Risk: Low

Concrete signature match: Backdoor (provides unauthorized remote access), platform Linux, family Tusnami

Summary:

This is a concrete detection of Backdoor:Linux/Tusnami.C!MTB, a Linux-based backdoor malware. This threat provides unauthorized remote access and control over the compromised system, indicating a severe breach and potential for further malicious activities.

Severity: Critical
VDM Static Detection:
Relevant strings associated with this threat:
YARA Rule:
rule Backdoor_Linux_Tusnami_C_2147788409_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Backdoor:Linux/Tusnami.C!MTB"
        threat_id = "2147788409"
        type = "Backdoor"
        platform = "Linux: Linux platform"
        family = "Tusnami"
        severity = "Critical"
        info = "MTB: Microsoft Threat Behavior"
        signature_type = "SIGNATURE_TYPE_ELFHSTR_EXT"
        threshold = "2"
        strings_accuracy = "Low"
    strings:
        $x_1_1 = "nandemo shiranai wa yo" ascii //weight: 1
        $x_1_2 = "hitteru koto dake" ascii //weight: 1
        $x_1_3 = {41 6c 72 65 61 64 79 [0-2] 6e 69 6e 67 2e}  //weight: 1, accuracy: Low
        $x_1_4 = ":KILL_PORT" ascii //weight: 1
    condition:
        (filesize < 20MB) and
        (2 of ($x*))
}
Known malware associated with this threat:
Filename: pty10 | Hash: 6730eb04edf45d590939d7ba36ca0d4f1d2f28a2692151e3c631e9f2d3612893 | Date: 31/01/2026
Filename: pty1 | Hash: 184dba33e23297345d0c88fea4c0931a692a143c6d6cbbaae5ace19e08f83833 | Date: 26/01/2026
Filename: pty5 | Hash: cd22d7a8e1ff2749ada4d254975a374dd40b27ad1203ecef4b777b32e0909477 | Date: 26/01/2026
Filename: pty2 | Hash: 7651345acd772a4048ed69490bdd02d7dab39d0fb02e9a1aec565a5f1503969c | Date: 26/01/2026
Filename: pty3 | Hash: a7682d1edc81925c3d7d2738db2283c742144d8321cfaf1888cdb66c1cd6ae83 | Date: 26/01/2026
Remediation Steps:
Immediately isolate the affected Linux system to prevent further compromise. Perform a comprehensive system scan with updated security software to fully eradicate the malware. Investigate for persistence mechanisms, lateral movement, and any data exfiltration, patching all vulnerabilities and resetting critical credentials as necessary.
=== END REPORT ===