Concrete signature match: Backdoor - Provides unauthorized remote access for Linux platform, family Mirai
Backdoor:Linux/Mirai.BE!xp is a concrete detection for a Mirai botnet variant targeting Linux-based IoT devices. It gains backdoor access to infected systems, recruiting them into a botnet primarily for launching Distributed Denial of Service (DDoS) attacks and self-propagation.
rule Backdoor_Linux_Mirai_BE_2147819265_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Backdoor:Linux/Mirai.BE!xp"
        threat_id = "2147819265"
        type = "Backdoor"
        platform = "Linux: Linux platform"
        family = "Mirai"
        severity = "Critical"
        info = "xp: an internal category used to refer to some threats"
        signature_type = "SIGNATURE_TYPE_ELFHSTR_EXT"
        threshold = "4"
        strings_accuracy = "High"
    strings:
        $x_1_1 = "/bin/busybox" ascii //weight: 1
        $x_1_2 = "DOS BOT KILLING" ascii //weight: 1
        $x_1_3 = "dropbear" ascii //weight: 1
        $x_1_4 = "var/tmp/sonia" ascii //weight: 1
        $x_1_5 = "Self Rep Fucking NeTiS" ascii //weight: 1
    condition:
        (filesize < 20MB) and
        (4 of ($x*))
}

bdb1d7583382ea951ebe241bfdd51524df5a96cc3eccddaa4af34ad2f0c3970b

Immediately isolate the infected Linux device from the network. Perform a factory reset or reimage the device, ensuring all firmware and software are updated and patched. Change all default or weak credentials to strong, unique passwords and implement network segmentation with egress filtering to prevent C2 communication and further spread.
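The rule above fires only when at least 4 of its 5 strings appear in a file smaller than 20 MB; that threshold matters because two of the strings ("/bin/busybox" and "dropbear") are common in legitimate embedded Linux firmware. The following added example (not code from threatcheck.sh or from the signature itself) re-implements the rule's counting logic in plain Python, without the yara module, over constructed sample buffers so the false-positive margin is visible. The buffer contents are constructed test data, and the function names are this example's own.

```python
"""Re-implementation of the page's YARA condition `filesize < 20MB and 4 of ($x*)`.

This is an illustrative triage helper, not the YARA engine: it performs plain
substring search on a byte buffer, which is all that `ascii` strings without
modifiers require. Sample buffers below are constructed for the example.
"""

# String identifiers and values copied from the rule on the page (weight 1 each).
RULE_STRINGS = {
    "x_1_1": b"/bin/busybox",
    "x_1_2": b"DOS BOT KILLING",
    "x_1_3": b"dropbear",
    "x_1_4": b"var/tmp/sonia",
    "x_1_5": b"Self Rep Fucking NeTiS",
}

THRESHOLD = 4                  # "4 of ($x*)" in the rule's condition
MAX_FILESIZE = 20 * 1024 * 1024  # YARA's 20MB multiplier is 1024-based


def matched_strings(data: bytes) -> list[str]:
    """Return the identifiers of rule strings present in `data`, in rule order."""
    return [name for name, needle in RULE_STRINGS.items() if needle in data]


def rule_matches(data: bytes) -> bool:
    """Evaluate the rule's condition: size limit first, then the string threshold."""
    if len(data) >= MAX_FILESIZE:
        return False
    return len(matched_strings(data)) >= THRESHOLD


# Constructed sample 1: a benign busybox-based firmware image that ships an
# SSH server. It contains two of the five strings, so it must NOT match.
BENIGN_FIRMWARE = (
    b"\x7fELF" + b"\x00" * 60
    + b"/bin/busybox\x00/usr/sbin/dropbear\x00/etc/init.d/rcS\x00"
)

# Constructed sample 2: a buffer carrying four of the rule's strings (the
# threshold). It is not a real binary, only test data for the counting logic.
SUSPECT_BUFFER = (
    b"\x7fELF" + b"\x00" * 60
    + b"/bin/busybox\x00DOS BOT KILLING\x00dropbear\x00var/tmp/sonia\x00"
)


def triage_report(data: bytes) -> dict:
    """Summarise what a reviewer would want to see for one file."""
    hits = matched_strings(data)
    return {
        "size": len(data),
        "hits": hits,
        "hit_count": len(hits),
        "verdict": "Backdoor:Linux/Mirai.BE!xp" if rule_matches(data) else "no match",
    }


if __name__ == "__main__":
    for label, sample in (("benign firmware", BENIGN_FIRMWARE), ("suspect buffer", SUSPECT_BUFFER)):
        print(label, triage_report(sample))
```

Running it shows the benign image stops at 2 hits while the suspect buffer reaches the threshold of 4; padding any buffer past 20 MB makes the size check reject it before the strings are counted, which is the same short-circuit order the rule's condition expresses.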