Background
On June 6, 2025, XLab's Cyber Threat Insight and Analysis System(CTIA) picked up activity from IP 139.84.156.79 distributing a suspicious ELF file—dst86.bin—with a low VirusTotal hit rate of only 4/65. While conventional scanners labeled it as Mirai, our AI module remained