TrojanDownloader:Linux/Mirai.E!MTB - Windows Defender threat signature analysis

=== THREAT ANALYSIS REPORT ===
Threat Name: TrojanDownloader:Linux/Mirai.E!MTB
Classification:
  Type: TrojanDownloader
  Platform: Linux
  Family: Mirai
  Detection Type: Concrete (known malware family with identified signatures)
  Variant: E (specific signature variant within the malware family)
  Suffix: !MTB (detected via machine learning and behavioral analysis)
  Detection Method: Behavioral
  Confidence: Very High
  False-Positive Risk: Low

Concrete signature match: TrojanDownloader (downloads additional malware), platform Linux, family Mirai

Summary:

This detection identifies a 'TrojanDownloader:Linux/Mirai.E!MTB' threat, a variant of the Mirai botnet family that targets Linux systems. Its primary function is to download and execute additional malicious payloads, most likely to enlist the compromised device in a larger botnet used for Distributed Denial of Service (DDoS) attacks. The detection is a concrete signature match backed by behavioral machine-learning analysis.

Severity: Critical
VDM Static Detection:
Relevant strings associated with this threat:
YARA Rule:
rule TrojanDownloader_Linux_Mirai_E_2147819356_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "TrojanDownloader:Linux/Mirai.E!MTB"
        threat_id = "2147819356"
        type = "TrojanDownloader"
        platform = "Linux: Linux platform"
        family = "Mirai"
        severity = "Critical"
        info = "MTB: Microsoft Threat Behavior"
        signature_type = "SIGNATURE_TYPE_ELFHSTR_EXT"
        threshold = "2"
        strings_accuracy = "Low"
    strings:
        $x_1_1 = {0a 00 47 45 54 20 2f [0-32] 20 48 54 54 50 2f 31 2e 30 0d 0a}  //weight: 1, accuracy: Low
        $x_1_2 = {48 78 00 10 48 6e ff ee 2f 03 61 ff ff ff fe ?? 24 00 4f ef 00 0c 6c 22 48 78 00 ?? 48 79 80 00 03 ?? 48 78 00 01 61 ff ff ff fe ?? 44 82 2f 02 61 ff ff ff fe ?? 4f ef 00 10 45 ea 00 ?? 2f 0a 48 79 80 00 03 ?? 2f 03 61 ff ff ff fe ?? 4f ef 00 0c b5 c0 67 0c 48 78 00 03 61 ff ff ff fe ?? 58 8f}  //weight: 1, accuracy: Low
    condition:
        (filesize < 20MB) and
        (all of ($x*))
}
Known malware associated with this threat:
  Filename: dlr.m68k
  SHA-256: f94b0f80e388a334966348b28425afc527d24be0f97eaa2015c89db70275ebd5
  Date: 15/01/2026
Remediation Steps:
Immediately isolate the compromised Linux device. Perform a full scan and remove the Mirai malware using updated security solutions. Enforce strong, unique credentials, patch all systems, disable unnecessary services, and implement network segmentation to prevent reinfection and contain potential botnet activity.
=== END REPORT ===