Concrete signature match: Backdoor - Provides unauthorized remote access for Linux platform, family Mirai
Backdoor:Linux/Mirai.BK!xp is a concrete detection for a specific variant of the Mirai botnet malware targeting Linux systems. This threat functions as a backdoor, allowing attackers to gain unauthorized control over compromised devices, primarily to enlist them into a botnet for launching Distributed Denial of Service (DDoS) attacks.
No specific strings found for this threat
rule Backdoor_Linux_Mirai_BK_2147819509_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Backdoor:Linux/Mirai.BK!xp"
        threat_id = "2147819509"
        type = "Backdoor"
        platform = "Linux: Linux platform"
        family = "Mirai"
        severity = "Critical"
        info = "xp: an internal category used to refer to some threats"
        signature_type = "SIGNATURE_TYPE_ELFHSTR_EXT"
        threshold = "2"
        strings_accuracy = "High"
    strings:
        $x_1_1 = {30 43 e2 19 00 53 e3 0c 20 c9 97 05 3a 8d 92 6c} //weight: 1, accuracy: High
        $x_1_2 = {30 a0 e3 a8 35 46 e5 ac 05 16 e5 e6 2a 00 eb 00 30 e0 e3 ac 35 06 e5 40 20} //weight: 1, accuracy: High
        $x_1_3 = {3c 8d e2 70 30 83 e2 03 20 8c e0 a4 30 12 e5 33 31 a0 e1 01 00 13} //weight: 1, accuracy: High
    condition:
        (filesize < 20MB) and
        (2 of ($x*))
}

3db589e12dbe9231853afa90ce893c21de9d8736892620111a73ee64d785b451

Immediately isolate the infected Linux system from the network. Identify and terminate malicious processes, then thoroughly scan and remove all associated malware files. Apply all available security patches, strengthen credentials, and review network logs for signs of further compromise or lateral movement. Implement robust network segmentation and intrusion prevention systems.