$ analyze-threat Win64/Havokiz.DX!MTB
Win64/Havokiz.DX!MTB - Windows Defender threat signature analysis

$ cat analysis.txt
=== THREAT ANALYSIS REPORT ===
Threat Name: Win64/Havokiz.DX!MTB
Classification:
Detection Type: Behavioral/ML
Suffix: !MTB (detected via machine learning and behavioral analysis)
Detection Method: Behavioral
Confidence: High
False-Positive Risk: Low

Machine learning behavioral analysis detected malicious patterns

VDM Static Detection:
No specific strings found for this threat
YARA Rule:
rule Trojan_Win64_Havokiz_DX_2147890339_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Trojan:Win64/Havokiz.DX!MTB"
        threat_id = "2147890339"
        type = "Trojan"
        platform = "Win64: Windows 64-bit platform"
        family = "Havokiz"
        severity = "Critical"
        info = "MTB: Microsoft Threat Behavior"
        signature_type = "SIGNATURE_TYPE_PEHSTR_EXT"
        threshold = "2"
        strings_accuracy = "High"
    strings:
        $x_1_1 = {8a 94 03 f0 00 00 00 80 fa ff 75 10 c6 84 03 f0 00 00 00 00 48 83 e8 01 73 e6 eb 0b 48 98 ff c2 88 94 03 f0 00 00 00 31 c0 48 63 d0 ff c0 8a 54 14 30 30 16 48 ff c6 e9}  //weight: 1, accuracy: High
        $x_1_2 = {45 31 d1 44 32 52 ff 41 31 c1 89 c8 01 c9 c0 e8 07 45 31 c8 0f af c7 44 88 42 fe 45 89 d0 44 31 c0 31 c1 88 4a ff 49 39 d3 0f 85}  //weight: 1, accuracy: High
    condition:
        (filesize < 20MB) and
        (all of ($x*))
}
=== END REPORT ===
This analysis was last updated on 08/11/2025.