Concrete signature match: Backdoor - Provides unauthorized remote access for Linux platform, family Mirai
This is a concrete detection of Backdoor:Linux/Mirai.BZ!xp, a variant of the Mirai botnet family specifically targeting Linux systems. It establishes a backdoor to gain unauthorized remote access and control, typically enrolling the compromised device into a botnet for launching distributed denial-of-service (DDoS) attacks.
No specific strings found for this threat
rule Backdoor_Linux_Mirai_BZ_2147822220_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Backdoor:Linux/Mirai.BZ!xp"
        threat_id = "2147822220"
        type = "Backdoor"
        platform = "Linux: Linux platform"
        family = "Mirai"
        severity = "Critical"
        info = "xp: an internal category used to refer to some threats"
        signature_type = "SIGNATURE_TYPE_ELFHSTR_EXT"
        threshold = "2"
        strings_accuracy = "High"
    strings:
        $x_1_1 = {20 84 e5 02 10 c4 e5 10 20 93 e5 14 10 84 e2 40 c4 a0 e1 58 30 a0 e3 05 c0 c4 e5 04 00 c4 e5 03 30 c1 e5 0d} //weight: 1, accuracy: High
        $x_1_2 = {30 c0 e5 26 30 d4 e5 b0 30 c3 e3 40 30 83 e3 26 30 c4 e5 14 30 9d e5 1c 10 87} //weight: 1, accuracy: High
    condition:
        (filesize < 20MB) and
        (all of ($x*))
}

Immediately isolate the compromised Linux system to prevent further network spread. Remove the malicious files and binaries. Patch all operating system and application vulnerabilities, and strengthen access controls by changing default or weak credentials for all network devices. Implement network segmentation and egress filtering to block Mirai-related command-and-control (C2) communication.