Trojan:Linux/MsfShellBin.B - Windows Defender Threat Analysis

This is a concrete detection of a Trojan specifically designed for Linux systems, identified as a Metasploit shell binary. It aims to establish remote access and control by executing a shell, potentially a reverse shell, allowing an attacker to fully compromise the infected machine.

No specific strings found for this threat

rule Trojan_Linux_MsfShellBin_B_2147805397_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Trojan:Linux/MsfShellBin.B"
        threat_id = "2147805397"
        type = "Trojan"
        platform = "Linux: Linux platform"
        family = "MsfShellBin"
        severity = "Critical"
        signature_type = "SIGNATURE_TYPE_ELFHSTR_EXT"
        threshold = "1"
        strings_accuracy = "Low"
    strings:
        $x_1_1 = {68 6e 2f 73 68 68 2f 2f 62 69 89 e3 52 53 89 e1 b0 0b cd 80}  //weight: 1, accuracy: High
        $x_1_2 = {68 2f 2f 73 68 68 2f 62 69 6e 89 e3 50 53 89 e1 b0 0b cd 80}  //weight: 1, accuracy: High
        $x_1_3 = {6a 66 58 cd 80 d1 e3 b0 66 cd 80 57 43 b0 66 89 51 ?? cd 80 93 b6 0c b0 03 cd 80 87 df 5b b0 06 cd 80 ff e1}  //weight: 1, accuracy: Low
    condition:
        (filesize < 20MB) and
        (1 of ($x*))
}

Immediately isolate the infected Linux system, remove the malicious file, and conduct a full forensic investigation to identify the infection vector and any further compromise. Patch all vulnerabilities and reset compromised credentials.