Backdoor:Linux/Mirai.EO!MTB - Windows Defender Threat Analysis

=== THREAT ANALYSIS REPORT ===
Threat Name: Backdoor:Linux/Mirai.EO!MTB
Classification:
Type: Backdoor
Platform: Linux
Family: Mirai
Detection Type: Concrete (known malware family with identified signatures)
Variant: EO (specific signature variant within the malware family)
Suffix: !MTB (detected via machine learning and behavioral analysis)
Detection Method: Behavioral
Confidence: Very High
False-Positive Risk: Low

Concrete signature match: Backdoor (provides unauthorized remote access), Linux platform, Mirai family.

Summary:

This threat is a variant of the Mirai botnet malware, which targets Linux systems to incorporate them into a network of infected devices. The botnet is primarily used to launch large-scale Distributed Denial-of-Service (DDoS) attacks. The detection is based on machine learning behavioral analysis, indicating malicious activity consistent with Mirai.

Severity: Medium
VDM Static Detection: No specific strings found for this threat
YARA Rule:
rule Backdoor_Linux_Mirai_EO_2147904934_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Backdoor:Linux/Mirai.EO!MTB"
        threat_id = "2147904934"
        type = "Backdoor"
        platform = "Linux: Linux platform"
        family = "Mirai"
        severity = "Critical"
        info = "MTB: Microsoft Threat Behavior"
        signature_type = "SIGNATURE_TYPE_ELFHSTR_EXT"
        threshold = "2"
        strings_accuracy = "High"
    strings:
        $x_1_1 = {55 69 04 3e 55 60 84 3e 7c 00 4a 14 54 ea 04 3e 89 63 00 09 54 e9 84 3e 7d 28 4a 14 7c 00 52 14 7d 29 5a 14 7c 00 2a 14 7c 09 02 14 54 09 84 3f 41 82 00 14}  //weight: 1, accuracy: High
        $x_1_2 = {81 23 00 00 7c 0a 48 ae 7c c0 02 78 7c 0a 49 ae 81 63 00 00 7c 0a 58 ae 7c e0 02 78 7c 0a 59 ae 81 23 00 00 7c 0a 48 ae 7d 00 02 78 7c 0a 49 ae 81 63 00 00 7c 0a 58 ae 7c a0 02 78 7c 0a 59 ae 39 4a 00 01 a0 03 00 04 7f 80 50 00 41 9d ff b4}  //weight: 1, accuracy: High
    condition:
        (filesize < 20MB) and
        (all of ($x*))
}
Known malware associated with this threat: the sample list (filenames, SHA-256 hashes and dates) has been omitted from this copy of the report.
Remediation Steps:
Isolate the affected system from the network immediately. Ensure the detected file is quarantined or removed. Change all default and weak credentials on the system and network devices, and review firewall rules to restrict access to management ports like SSH and Telnet.
=== END REPORT ===
This analysis was last updated on 08/11/2025.