Trojan:Linux/Kaiji.F!MTB - Windows Defender threat signature analysis

=== THREAT ANALYSIS REPORT ===
Threat Name: Trojan:Linux/Kaiji.F!MTB
Classification:
Type: Trojan
Platform: Linux
Family: Kaiji
Detection Type: Concrete (known malware family with identified signatures)
Variant: F (specific signature variant within the malware family)
Suffix: !MTB (detected via machine learning and behavioral analysis)
Detection Method: Behavioral
Confidence: Very High
False-Positive Risk: Low

Concrete signature match: Trojan (software that appears legitimate but performs malicious actions), Linux platform, Kaiji family

Summary:

Trojan:Linux/Kaiji.F!MTB is a concrete detection of a Kaiji family trojan targeting Linux systems. This variant exhibits capabilities for establishing command-and-control communication, executing shell commands, and launching resource exhaustion attacks, as indicated by specific code strings like 'killcpu.go' and 'attack'.

Severity:
Critical
VDM Static Detection:
No specific strings found for this threat
YARA Rule:
rule Trojan_Linux_Kaiji_F_2147929990_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Trojan:Linux/Kaiji.F!MTB"
        threat_id = "2147929990"
        type = "Trojan"
        platform = "Linux: Linux platform"
        family = "Kaiji"
        severity = "Critical"
        info = "MTB: Microsoft Threat Behavior"
        signature_type = "SIGNATURE_TYPE_ELFHSTR_EXT"
        threshold = "5"
        strings_accuracy = "High"
    strings:
        $x_1_1 = "main.Dns_Url" ascii //weight: 1
        $x_1_2 = "main.Killsh" ascii //weight: 1
        $x_1_3 = "/client/linux/killcpu.go" ascii //weight: 1
        $x_1_4 = "main.getwebwalk" ascii //weight: 1
        $x_1_5 = "main.attack" ascii //weight: 1
    condition:
        (filesize < 20MB) and
        (all of ($x*))
}
Known malware associated with this threat (filename, SHA-256, date):
linux_386      08b1ca7ff461d7931cdcbdeb71a22fd67bde07b93607bf2574b7cd666a93ed30  16/01/2026
linux_aarch64  d77b6eeb506ebd49b1f348eafd01f545cf41df13641a7417bcd8f34bdaa239d6  16/01/2026
linux_arm7     4134fb3554e6dfa82d4822886968f50a008bb66b46f54f3a28dfd0ce167b1283  16/01/2026
Remediation Steps:
Immediately isolate the affected Linux system from the network. Conduct a full system scan with updated antivirus definitions to ensure complete removal of the threat. Investigate system logs for signs of further compromise, lateral movement, or persistence mechanisms, and apply security patches to all vulnerable Linux hosts.
=== END REPORT ===
This analysis was last updated on 16/01/2026.