Concrete signature match: Backdoor - Provides unauthorized remote access for Linux platform, family Mirai
This is a concrete detection of the Mirai botnet malware, specifically targeting Linux systems. The threat enrolls the infected device in a botnet that attackers use to conduct large-scale Distributed Denial of Service (DDoS) attacks, and it provides backdoor access for remote control of the device.

No specific text strings were found for this threat; the rule below matches on raw byte sequences instead.
rule Backdoor_Linux_Mirai_AZ_2147819250_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Backdoor:Linux/Mirai.AZ!xp"
        threat_id = "2147819250"
        type = "Backdoor"
        platform = "Linux: Linux platform"
        family = "Mirai"
        severity = "Critical"
        info = "xp: an internal category used to refer to some threats"
        signature_type = "SIGNATURE_TYPE_ELFHSTR_EXT"
        threshold = "2"
        strings_accuracy = "High"
    strings:
        $x_1_1 = {18 00 80 90 21 00 e0 a8 21 30 b1 00 ff 30 d3 00 ff 93 b4 00 4b 03 20 f8 09 24 10} //weight: 1, accuracy: High
        $x_1_2 = {00 24 8f 99 80 cc 8f bf 00 54 8f be 00 50 8f b7 00} //weight: 1, accuracy: High
    condition:
        (filesize < 20MB) and
        (all of ($x*))
}

Associated sample hashes (SHA-256):
ac5057ecf4cf4e0cda67dc1c0f3f078b6614809278f1d634b7e69d5ef1cb77d8
8aeedf21403f34ed7bcd6aa92e920d74637e87037fc84d2fa0fa5f6d512017b0

Remediation: Immediately isolate the affected system from the network to prevent communication with the command-and-control server. Remove the detected file and scan for other indicators of compromise. Harden the system by changing all default credentials, disabling unnecessary services such as Telnet, and ensuring all software and firmware are up to date.