Backdoor:Linux/Mirai.EV!MTB - Windows Defender Threat Analysis

Backdoor:Linux/Mirai.EV!MTB is a concrete detection of a Mirai botnet variant specifically targeting Linux systems. This malware infects devices to integrate them into a botnet, used for launching Distributed Denial-of-Service (DDoS) attacks and other malicious activities.

No specific strings found for this threat

rule Backdoor_Linux_Mirai_EV_2147905477_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Backdoor:Linux/Mirai.EV!MTB"
        threat_id = "2147905477"
        type = "Backdoor"
        platform = "Linux: Linux platform"
        family = "Mirai"
        severity = "Critical"
        info = "MTB: Microsoft Threat Behavior"
        signature_type = "SIGNATURE_TYPE_ELFHSTR_EXT"
        threshold = "2"
        strings_accuracy = "Low"
    strings:
        $x_1_1 = {ba 40 42 0f 00 89 f8 48 83 ec 18 89 d1 31 d2 48 89 e7 f7 f1 31 f6 89 d2 89 c0 48 69 d2 e8 03 00 00 48 89 04 24 48 89 54 24 08}  //weight: 1, accuracy: High
        $x_1_2 = {48 89 fe e8 0a 09 00 00 89 c5 85 ed 74 ?? 31 c0 48 81 bc 24 a8 01 00 00 ff 64 cd 1d 0f 9f c0 03 84 24 a0 01 00 00}  //weight: 1, accuracy: Low
    condition:
        (filesize < 20MB) and
        (all of ($x*))
}

Immediately isolate the compromised Linux system from the network. Perform a full system scan with up-to-date antivirus/EDR software, review system logs for signs of compromise, and ensure all system software and credentials are updated with strong, unique passwords. Consider re-imaging the system if complete eradication cannot be guaranteed.