Concrete signature match: Backdoor - Provides unauthorized remote access for Linux platform, family Mirai
Backdoor:Linux/Mirai.BP!xp is a variant of the Mirai malware family that targets Linux-based systems, most often embedded and IoT devices. It acts as a backdoor: the attacker can control the compromised device remotely and typically enlists it in a botnet used for distributed denial-of-service (DDoS) attacks. Mirai-family bots spread by scanning for other devices that accept default or weak Telnet credentials, which is why credential hygiene is part of the remediation below.
No readable text strings are associated with this threat; the rule below matches on raw byte sequences instead. Both sequences decode as 32-bit little-endian ARM instructions (for example, the first word 3c 50 9f e5 is ldr r5, [pc, #0x3c]), so the rule only fires on the ARM build of this variant; builds of the same bot compiled for other architectures (x86, MIPS, and so on) will not match it.
rule Backdoor_Linux_Mirai_BP_2147819871_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Backdoor:Linux/Mirai.BP!xp"
        threat_id = "2147819871"
        type = "Backdoor"
        platform = "Linux: Linux platform"
        family = "Mirai"
        severity = "Critical"
        info = "xp: an internal category used to refer to some threats"
        signature_type = "SIGNATURE_TYPE_ELFHSTR_EXT"
        threshold = "2"
        strings_accuracy = "High"
    strings:
        $x_1_1 = {3c 50 9f e5 3c 60 9f e5 00 30 95 e5 00 20 96 e5 34 e0 9f e5 34 40 9f e5 83 35 23 e0 a2 09 22 e0 00 10 9e e5 00 c0 94 e5 00 00 23 e0 23 04 20 e0 00 10 85 e5 00 c0 8e e5 00 20 84 e5 00 00 86 e5} //weight: 1, accuracy: High
        $x_1_2 = {5e 2e 8d e2 17 1d 8d e2 10 30 a0 e3 04 20 82 e2 08 10 81 e2 e4 35 8d e5} //weight: 1, accuracy: High
    condition:
        (filesize < 20MB) and
        (all of ($x*))
}

0907b465ea2ba5e041dd7031decbb88d8e8629f3c87707325edcbc471d903720

Immediately isolate the infected Linux device from the network. Identify and kill the malicious process and remove its file; because Mirai-family bots commonly unlink their own executable after starting, check running processes (for example, /proc/<pid>/exe links that point at a deleted file) rather than relying on a filesystem search alone. Ideally, re-image the device to a trusted state. Change all default and weak credentials, update all system software and firmware to patch known vulnerabilities, and implement network segmentation to limit lateral movement and the bot's outbound scanning.
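As an added example (not part of the threatcheck.sh page, and not Microsoft's or YARA's own code), the following Python re-implements the match logic of the rule above for hosts where neither the yara CLI nor yara-python is installed, and applies it to the "identify the malicious process" step of the remediation by scanning /proc/<pid>/exe, which still yields the executable image after the bot has unlinked its file. It assumes only what the rule states (filesize < 20MB and both hex strings present); the ELF-magic check is reported but does not affect the verdict, because the rule does not require it. build_sample() constructs synthetic input for testing and is not a real Mirai sample.

```python
"""Pure-Python evaluation of Backdoor_Linux_Mirai_BP_2147819871_0.

Reproduces exactly the visible rule semantics: (filesize < 20MB) and
all of ($x*). Nothing beyond the rule text is inferred.
"""
import os
import sys
from typing import Dict, Iterable

# Byte patterns copied verbatim from $x_1_1 and $x_1_2 in the rule.
PATTERNS = {
    "x_1_1": bytes.fromhex(
        "3c 50 9f e5 3c 60 9f e5 00 30 95 e5 00 20 96 e5 34 e0 9f e5 34 40 9f e5 "
        "83 35 23 e0 a2 09 22 e0 00 10 9e e5 00 c0 94 e5 00 00 23 e0 23 04 20 e0 "
        "00 10 85 e5 00 c0 8e e5 00 20 84 e5 00 00 86 e5"
    ),
    "x_1_2": bytes.fromhex(
        "5e 2e 8d e2 17 1d 8d e2 10 30 a0 e3 04 20 82 e2 08 10 81 e2 e4 35 8d e5"
    ),
}
MAX_FILESIZE = 20 * 1024 * 1024  # YARA's "20MB" is 20 * 2**20 bytes
ELF_MAGIC = b"\x7fELF"


def match_rule(data: bytes) -> Dict[str, object]:
    """Evaluate the rule over one in-memory buffer.

    Returns the offset of each string (-1 if absent), whether the size
    condition holds, and the overall verdict. 'is_elf' is informational
    only: the rule itself does not check the ELF magic.
    """
    offsets = {name: data.find(pat) for name, pat in PATTERNS.items()}
    size_ok = len(data) < MAX_FILESIZE
    return {
        "size_ok": size_ok,
        "is_elf": data[:4] == ELF_MAGIC,
        "offsets": offsets,
        "match": size_ok and all(off >= 0 for off in offsets.values()),
    }


def scan_file(path: str) -> Dict[str, object]:
    """Evaluate the rule over a file on disk (or a /proc/<pid>/exe link)."""
    with open(path, "rb") as fh:
        result = match_rule(fh.read())
    result["path"] = path
    return result


def scan_running_processes(proc_root: str = "/proc") -> Iterable[Dict[str, object]]:
    """Scan the executable image of every live process via /proc/<pid>/exe.

    Opening that link returns the image even after the on-disk file was
    unlinked, which matters because Mirai-family bots commonly delete their
    own binary after starting. Linux only; unreadable entries are skipped.
    """
    for pid in os.listdir(proc_root):
        if not pid.isdigit():
            continue
        exe = os.path.join(proc_root, pid, "exe")
        try:
            result = scan_file(exe)
            result["exe_target"] = os.readlink(exe)  # ends in "(deleted)" if unlinked
        except OSError:
            continue  # kernel thread, exited process, or insufficient privilege
        result["pid"] = int(pid)
        yield result


def build_sample(with_second_string: bool = True) -> bytes:
    """Constructed test input: fake ELF header, filler, and the rule's bytes.

    This is synthetic data for exercising the matcher, not a Mirai sample.
    """
    filler = b"\x00" * 64
    data = ELF_MAGIC + b"\x01\x01\x01" + filler + PATTERNS["x_1_1"] + filler
    if with_second_string:
        data += PATTERNS["x_1_2"] + filler
    return data


if __name__ == "__main__":
    # With paths: scan those files. Without: scan every live process image.
    targets = sys.argv[1:]
    results = map(scan_file, targets) if targets else scan_running_processes()
    for r in results:
        if r["match"]:
            where = r.get("exe_target", r["path"])
            print("MATCH", r.get("pid", ""), where, r["offsets"])
```

Run it as root on the suspect device with no arguments to sweep live processes, or pass file paths to check carved or quarantined binaries. A hit on a /proc/<pid>/exe whose link target ends in "(deleted)" is the self-unlinking behaviour described in the remediation; kill that PID before reconnecting the device.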