Concrete signature match: Backdoor - Provides unauthorized remote access for Linux platform, family Mirai
This detection identifies a specific variant (BV) of the Mirai botnet, a notorious malware primarily targeting Linux-based IoT devices. Mirai compromises vulnerable devices, typically through default or weak credentials, and enrolls them into a botnet used to launch large-scale distributed denial-of-service (DDoS) attacks and other malicious activities.
No specific strings found for this threat
rule Backdoor_Linux_Mirai_BV_2147820179_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Backdoor:Linux/Mirai.BV!xp"
        threat_id = "2147820179"
        type = "Backdoor"
        platform = "Linux: Linux platform"
        family = "Mirai"
        severity = "Critical"
        info = "xp: an internal category used to refer to some threats"
        signature_type = "SIGNATURE_TYPE_ELFHSTR_EXT"
        threshold = "1"
        strings_accuracy = "High"
    strings:
        $x_1_1 = {8b 44 24 34 89 44 24 0c 0f b6 44 24 12 89 44 24 08 8b 44 24 2c 89 44 24 04 0f b6 44 24 13 89 04 24} //weight: 1, accuracy: High
        $x_1_2 = {31 c0 89 44 24 34 8b 44 24 40 85 c0 74 51 0f b6 1f 84 db 88 5c 24 33 0f 85 ae 00 00 00 31 c0 89 44 24 3c} //weight: 1, accuracy: High
    condition:
        (filesize < 20MB) and
        (1 of ($x*))
}

Sample hashes:
0528ef076f17fec7d758288c6c3309ca75e37ae5280f3922c52eb904213dc4fa
1e6135f0cd115f04f6e1bc6254630558db5a73334656d4348ded20f210f30ec4
0b65d92480481924f67d2a8e249a8519fdda749dc066ff4511b7ec0149847c08
28e9a3fee5786f96a02170a4959f7250101feaed551e27b146cd5f27a6b70f2c
d18c30c5f9ea7c1e66ba6fb7cd6b7ae26505871e47312206972b1cedddb8c1f4

Immediately isolate the affected Linux device from the network. Change all default and weak credentials, apply security patches and firmware updates, and implement strong access controls. Monitor network traffic for unusual activity originating from or targeting the device, and consider re-imaging or factory resetting the device to ensure complete removal of the malware.
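The following is an added example, not part of this page or of the threatcheck.sh rule itself. It re-implements the rule's condition in plain Python so a responder can triage files on a suspect device without a YARA binary: both hex strings are fixed bytes with no wildcards, so an exact substring search reproduces what YARA would match, the size gate follows YARA's definition of 20MB as 20 * 2^20 bytes, and each file's SHA-256 is compared against the sample hashes listed above. Restricting the directory walk to files with the ELF magic is this example's own choice (the rule's ELF-oriented signature type suggests it, but the rule text does not require it); the test buffers at the bottom are constructed, not real samples.

```python
"""Plain-Python re-implementation of the Mirai.BV rule's logic (added example)."""
import hashlib
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, Iterator, List

# The two hex strings from the rule ($x_1_1, $x_1_2). Neither contains
# wildcards, so an exact byte search reproduces YARA's behaviour for them.
PATTERNS: Dict[str, bytes] = {
    "$x_1_1": bytes.fromhex(
        "8b 44 24 34 89 44 24 0c 0f b6 44 24 12 89 44 24 08 "
        "8b 44 24 2c 89 44 24 04 0f b6 44 24 13 89 04 24"
    ),
    "$x_1_2": bytes.fromhex(
        "31 c0 89 44 24 34 8b 44 24 40 85 c0 74 51 0f b6 1f 84 db "
        "88 5c 24 33 0f 85 ae 00 00 00 31 c0 89 44 24 3c"
    ),
}

# YARA's "20MB" is 20 * 2**20 bytes; the rule requires filesize strictly below it.
MAX_SIZE = 20 * 1024 * 1024

# Sample hashes listed on the page (64 hex characters each).
KNOWN_HASHES = frozenset({
    "0528ef076f17fec7d758288c6c3309ca75e37ae5280f3922c52eb904213dc4fa",
    "1e6135f0cd115f04f6e1bc6254630558db5a73334656d4348ded20f210f30ec4",
    "0b65d92480481924f67d2a8e249a8519fdda749dc066ff4511b7ec0149847c08",
    "28e9a3fee5786f96a02170a4959f7250101feaed551e27b146cd5f27a6b70f2c",
    "d18c30c5f9ea7c1e66ba6fb7cd6b7ae26505871e47312206972b1cedddb8c1f4",
})


def find_offsets(data: bytes, pattern: bytes) -> List[int]:
    """Every offset at which `pattern` occurs in `data` (overlapping hits included)."""
    offsets, start = [], 0
    while (idx := data.find(pattern, start)) != -1:
        offsets.append(idx)
        start = idx + 1
    return offsets


def match_patterns(data: bytes) -> Dict[str, List[int]]:
    """Offsets of each rule string keyed by its YARA identifier; an empty list means no hit."""
    return {name: find_offsets(data, pat) for name, pat in PATTERNS.items()}


def rule_matches(data: bytes) -> bool:
    """Evaluate the rule's condition: (filesize < 20MB) and (1 of ($x*))."""
    if len(data) >= MAX_SIZE:
        return False
    return any(match_patterns(data).values())


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def is_known_sample(data: bytes) -> bool:
    """True when the file's SHA-256 is one of the hashes listed on the page."""
    return sha256_hex(data) in KNOWN_HASHES


@dataclass
class ScanResult:
    path: str
    size: int
    sha256: str
    hits: Dict[str, List[int]]   # only strings that actually matched
    rule_matched: bool
    known_sample: bool


def scan_file(path: Path) -> ScanResult:
    data = path.read_bytes()
    return ScanResult(
        path=str(path), size=len(data), sha256=sha256_hex(data),
        hits={k: v for k, v in match_patterns(data).items() if v},
        rule_matched=rule_matches(data), known_sample=is_known_sample(data),
    )


def scan_tree(root: Path) -> Iterator[ScanResult]:
    """Walk `root` and yield files that trip the rule or match a listed hash.
    Only files starting with the ELF magic are examined (this example's choice)."""
    for path in root.rglob("*"):
        if not path.is_file() or path.is_symlink():
            continue
        try:
            with path.open("rb") as fh:
                if fh.read(4) != b"\x7fELF":
                    continue
        except OSError:
            continue
        result = scan_file(path)
        if result.rule_matched or result.known_sample:
            yield result


# Constructed buffers for testing (not real samples): a fake ELF header followed
# by $x_1_2, and a benign buffer containing neither pattern.
SAMPLE_HIT = b"\x7fELF" + bytes(64) + PATTERNS["$x_1_2"] + b"A" * 32
SAMPLE_CLEAN = b"\x7fELF" + bytes(256)

if __name__ == "__main__":
    import sys
    for r in scan_tree(Path(sys.argv[1] if len(sys.argv) > 1 else ".")):
        print(f"{r.path}: rule={r.rule_matched} known={r.known_sample} "
              f"hits={r.hits} sha256={r.sha256}")
```

Run it as `python3 scan.py /path/to/suspect/root` on a mounted image or a live device; a hit on `rule_matched` reproduces the rule's verdict, while `known_sample` flags an exact match against the listed hashes even when the byte patterns have been altered. The `hits` offsets are useful for confirming a match in a disassembler before acting on it.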