Concrete signature match: Backdoor - Provides unauthorized remote access for Linux platform, family Mirai
This is a concrete detection of Backdoor:Linux/Mirai.BX!xp, a variant of the Mirai botnet family specifically targeting Linux systems. It acts as a backdoor, enabling attackers to gain remote control over the compromised device and enlist it into a botnet for launching Distributed Denial of Service (DDoS) attacks.
No specific strings found for this threat
rule Backdoor_Linux_Mirai_BX_2147820432_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Backdoor:Linux/Mirai.BX!xp"
        threat_id = "2147820432"
        type = "Backdoor"
        platform = "Linux: Linux platform"
        family = "Mirai"
        severity = "Critical"
        info = "xp: an internal category used to refer to some threats"
        signature_type = "SIGNATURE_TYPE_ELFHSTR_EXT"
        threshold = "2"
        strings_accuracy = "High"
    strings:
        $x_1_1 = {41 ef 51 68 2f 48 00 32 20 2f 00 5a 58 80 2f 40 00 3e 22 2f 00 5a 06 81 00 00 05 b4 2f 41 00 46 24} //weight: 1, accuracy: High
        $x_1_2 = {81 72 04 b2 80 65 42 30 3b 0a 06 4e fb 00 02 00 0a 19 72 19 ae 1a 16 19 e2} //weight: 1, accuracy: High
    condition:
        (filesize < 20MB) and
        (all of ($x*))
}

SHA-256: 1a6807672bf5fa298652e2bf666aedad6aab7b6a29ddd82abfb9b747ea2d7d2f

Remediation: Immediately isolate the infected Linux device to prevent further spread. Remove the malware, ideally by reimaging the system, and ensure all system vulnerabilities are patched. Reset all credentials, especially default or weak ones, and implement strong, unique passwords to prevent reinfection.