Hi SKP,
Thanks for the post. New Linux-based DDoS tools or variants appear on the threat landscape every day. Linux.Mirai and other signatures exist to counter their threat.
I've seen some news articles on Saposhi but none contain any real details (IoC like MD5 hashes, etc). Those details are really needed in order to confirm whether existing defintions cover the sames, and under what names.
Please do update this thread with any additional concrete details that you have!