Backdoor:Linux/Mirai.AE!xp - Windows Defender Threat Analysis

Backdoor:Linux/Mirai.AE!xp is a concrete detection of a Mirai botnet variant targeting Linux systems. This malware typically infects IoT devices and servers, turning them into bots to launch large-scale Distributed Denial of Service (DDoS) attacks. Its presence indicates the compromised system is now part of a malicious botnet infrastructure.

No specific strings found for this threat

rule Backdoor_Linux_Mirai_AE_2147814694_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Backdoor:Linux/Mirai.AE!xp"
        threat_id = "2147814694"
        type = "Backdoor"
        platform = "Linux: Linux platform"
        family = "Mirai"
        severity = "Critical"
        info = "xp: an internal category used to refer to some threats"
        signature_type = "SIGNATURE_TYPE_ELFHSTR_EXT"
        threshold = "4"
        strings_accuracy = "High"
    strings:
        $x_1_1 = "PROT_EXEC" ascii //weight: 1
        $x_1_2 = "/proc/self/exe7" ascii //weight: 1
        $x_1_3 = "/proc/semn" ascii //weight: 1
        $x_1_4 = "antihoney" ascii //weight: 1
        $x_1_5 = "chmon7" ascii //weight: 1
        $x_1_6 = "mdebung.Hi32" ascii //weight: 1
    condition:
        (filesize < 20MB) and
        (4 of ($x*))
}

Immediately isolate the infected Linux system. Perform a full system scan with an updated antivirus/EDR solution to remove the malware. Change all system and service credentials, and apply all available security patches to prevent re-infection. Monitor network traffic for unusual outbound connections.