Trojan:Linux/Kaiji.D!MTB - Windows Defender Threat Analysis

This is a concrete detection of a Linux-based Trojan from the Kaiji family, known for establishing botnets and launching DDoS attacks. Detected via machine learning behavioral analysis (MTB), it represents a significant and confirmed threat to Linux systems.

No specific strings found for this threat

rule Trojan_Linux_Kaiji_D_2147911019_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Trojan:Linux/Kaiji.D!MTB"
        threat_id = "2147911019"
        type = "Trojan"
        platform = "Linux: Linux platform"
        family = "Kaiji"
        severity = "Critical"
        info = "MTB: Microsoft Threat Behavior"
        signature_type = "SIGNATURE_TYPE_ELFHSTR_EXT"
        threshold = "2"
        strings_accuracy = "High"
    strings:
        $x_1_1 = {10 00 00 06 00 00 00 00 3c 14 00 25 02 9c a0 2d 66 94 e7 10 0c 02 55 f6 00 00 00 00 3c 17 00 28}  //weight: 1, accuracy: High
        $x_1_2 = {15 80 ff ed 00 00 00 00 ff aa 00 50 ff a1 00 40 ff a9 00 08 ff a8 00 10 ff ab 00 18 0c 00 48 ce 00 00 00 00 93 a1 00 20 14 20 00 0a 00 00 00 00 df a1 00 40 df a3 00 58 df a4 00 38 93 a5 00 2f df a6 00 88 df a7 00 60 df a8 00 70 10 00 ff da}  //weight: 1, accuracy: High
    condition:
        (filesize < 20MB) and
        (all of ($x*))
}

Immediately isolate the compromised Linux system from the network. Conduct a full system scan with an updated endpoint security solution to quarantine and remove the Trojan. Review system logs for any post-exploitation activity, update all software and OS components to their latest versions, and consider changing credentials or rebuilding the system if the full extent of compromise is uncertain.