Trojan:Linux/Mirai.W!MTB - Windows Defender threat signature analysis

=== THREAT ANALYSIS REPORT ===
Threat Name: Trojan:Linux/Mirai.W!MTB
Classification:
Type: Trojan
Platform: Linux
Family: Mirai
Detection Type: Concrete (known malware family with identified signatures)
Variant: W (specific signature variant within the malware family)
Suffix: !MTB (detected via machine learning and behavioral analysis)
Detection Method: Behavioral
Confidence: Very High
False-Positive Risk: Low

Concrete signature match: Trojan (software that appears legitimate but performs malicious actions), platform Linux, family Mirai.

Summary:

Trojan:Linux/Mirai.W!MTB is a concrete detection for a Mirai botnet variant targeting Linux-based IoT devices. This malware infects vulnerable devices, recruiting them into a botnet primarily used for launching distributed denial-of-service (DDoS) attacks.

Severity: Critical
VDM Static Detection: No specific strings found for this threat
YARA Rule:
rule Trojan_Linux_Mirai_W_2147831779_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Trojan:Linux/Mirai.W!MTB"
        threat_id = "2147831779"
        type = "Trojan"
        platform = "Linux: Linux platform"
        family = "Mirai"
        severity = "Critical"
        info = "MTB: Microsoft Threat Behavior"
        signature_type = "SIGNATURE_TYPE_ELFHSTR_EXT"
        threshold = "2"
        strings_accuracy = "High"
    strings:
        $x_1_1 = {f4 13 02 b0 61 6a f4 1b c0 b0 60 8a f0 13 02 b0 40 22 44 00 f0 1b 00 b1 40 8a 50 73 05 f2}  //weight: 1, accuracy: High
        $x_1_2 = {f8 13 02 b0 ab e2 0a f4 e4 13 02 b0 61 6a e4 1b c0 b0 40 8a f8 1b 80 b0}  //weight: 1, accuracy: High
    condition:
        (filesize < 20MB) and
        (all of ($x*))
}
Known malware associated with this threat:
Remediation Steps:
Immediately isolate the compromised Linux device(s) from the network. Remove the detected malware and patch any underlying vulnerabilities (e.g., weak/default credentials, unpatched software) to prevent re-infection. Implement strong password policies and network segmentation, and continuously monitor for suspicious network traffic.
=== END REPORT ===
This analysis was last updated on 08/12/2025.