Backdoor:Linux/Mirai.CG!xp - Windows Defender Threat Analysis

Backdoor:Linux/Mirai.CG!xp is a concrete detection for a Mirai botnet variant specifically targeting Linux-based devices, commonly IoT. This malware acts as a backdoor, granting remote access and control to attackers, typically to enroll the compromised device into a botnet for launching distributed denial-of-service (DDoS) attacks.

No specific strings found for this threat

rule Backdoor_Linux_Mirai_CG_2147822369_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Backdoor:Linux/Mirai.CG!xp"
        threat_id = "2147822369"
        type = "Backdoor"
        platform = "Linux: Linux platform"
        family = "Mirai"
        severity = "Critical"
        info = "xp: an internal category used to refer to some threats"
        signature_type = "SIGNATURE_TYPE_ELFHSTR_EXT"
        threshold = "1"
        strings_accuracy = "Low"
    strings:
        $x_1_1 = {00 40 9e 00 d4 93 bf 00 1c 48 00 ?? ?? 80 01 00 24 83 a1 00 14 83 c1 00 18 7c 08 03 a6 83 e1 00 1c 38 21 00 20 4e 80 00 20 38 80 00 09 3b a0}  //weight: 1, accuracy: Low
        $x_1_2 = {3c e0 10 01 38 e7 d3 7c 3c 60 10 00 38 63 68 28 48 00}  //weight: 1, accuracy: High
    condition:
        (filesize < 20MB) and
        (1 of ($x*))
}

Immediately isolate the infected Linux device from the network. Thoroughly investigate to identify the initial compromise vector (e.g., weak credentials, unpatched vulnerabilities). Remove the malware, preferably by performing a clean operating system reinstallation or firmware update for embedded devices, then update all default and weak credentials. Implement strong password policies, update all software/firmware, and apply network segmentation to prevent reinfection and lateral movement.