Backdoor:Linux/Mirai.BD!xp - Windows Defender Threat Analysis

This detection identifies a variant of the Mirai botnet malware, which targets Linux-based Internet of Things (IoT) devices. The malware spreads by exploiting weak or default credentials, creating a backdoor to enlist the device into a botnet for use in large-scale Distributed Denial of Service (DDoS) attacks.

No specific strings found for this threat

rule Backdoor_Linux_Mirai_BD_2147819262_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Backdoor:Linux/Mirai.BD!xp"
        threat_id = "2147819262"
        type = "Backdoor"
        platform = "Linux: Linux platform"
        family = "Mirai"
        severity = "Critical"
        info = "xp: an internal category used to refer to some threats"
        signature_type = "SIGNATURE_TYPE_ELFHSTR_EXT"
        threshold = "6"
        strings_accuracy = "High"
    strings:
        $x_2_1 = "dreambox" ascii //weight: 2
        $x_2_2 = "xmhdipc" ascii //weight: 2
        $x_1_3 = "Is$uper@dmin" ascii //weight: 1
        $x_1_4 = "meinsm" ascii //weight: 1
    condition:
        (filesize < 20MB) and
        (all of ($x*))
}

Immediately quarantine and delete the detected file. If the file originated from an IoT or embedded Linux device, isolate it from the network, perform a factory reset, and change its default password. Harden all network devices by using strong, unique passwords and keeping firmware updated.