Trojan:Linux/ReverseShell.B!MTB - Windows Defender threat signature analysis

=== THREAT ANALYSIS REPORT ===
Threat Name: Trojan:Linux/ReverseShell.B!MTB
Classification:
 - Type: Trojan
 - Platform: Linux
 - Family: ReverseShell
 - Detection Type: Concrete (known malware family with identified signatures)
 - Variant: B (specific signature variant within the malware family)
 - Suffix: !MTB (detected via machine learning and behavioral analysis)
 - Detection Method: Behavioral
 - Confidence: Very High
 - False-Positive Risk: Low

Concrete signature match: Trojan (appears legitimate but performs malicious actions), Linux platform, family ReverseShell.

Summary:

This is a sophisticated Linux-targeting Trojan of the ReverseShell family, detected with concrete behavioral analysis. It establishes a reverse shell for remote control, exhibits virus-like capabilities including self-propagation and evasion, and can create a SOCKS5 proxy for command-and-control communication or further malicious activities.

Severity: Critical
VDM Static Detection:
Relevant strings associated with this threat:
YARA Rule:
rule Trojan_Linux_ReverseShell_B_2147929991_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Trojan:Linux/ReverseShell.B!MTB"
        threat_id = "2147929991"
        type = "Trojan"
        platform = "Linux: Linux platform"
        family = "ReverseShell"
        severity = "Critical"
        info = "MTB: Microsoft Threat Behavior"
        signature_type = "SIGNATURE_TYPE_ELFHSTR_EXT"
        threshold = "4"
        strings_accuracy = "High"
    strings:
        $x_1_1 = "main.AsVirus" ascii //weight: 1
        $x_1_2 = "main.RemoveSelfExecutable" ascii //weight: 1
        $x_1_3 = "main.StartSocks5Server" ascii //weight: 1
        $x_1_4 = "main.CreateBackOff" ascii //weight: 1
    condition:
        (filesize < 20MB) and
        (all of ($x*))
}
Known malware associated with this threat:
 - Filename: SecuriteInfo.com.Linux.DDoS.1852.5072.21260
 - Hash: bd489f04d5a88ac115063cd7854b8c24a67ec9e2fe3a31a6b4f95c912f419d80
 - Date: 26/12/2025
Remediation Steps:
 - Immediately isolate the compromised Linux system.
 - Conduct a thorough forensic investigation to identify the initial access vector and the extent of the compromise.
 - Remove the malicious executable and reset all potentially compromised credentials.
 - Ensure all Linux systems are fully patched and hardened.
 - Enhance network monitoring for unusual outbound connections.
=== END REPORT ===