Backdoor:Linux/Mirai.FH!MTB - Windows Defender Threat Analysis

Backdoor:Linux/Mirai.FH!MTB is a concrete detection of a Mirai botnet variant targeting Linux systems. This malware establishes a backdoor, likely to turn the compromised device into a bot for distributed denial-of-service (DDoS) attacks and other malicious activities.

No specific strings found for this threat

rule Backdoor_Linux_Mirai_FH_2147905479_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Backdoor:Linux/Mirai.FH!MTB"
        threat_id = "2147905479"
        type = "Backdoor"
        platform = "Linux: Linux platform"
        family = "Mirai"
        severity = "Critical"
        info = "MTB: Microsoft Threat Behavior"
        signature_type = "SIGNATURE_TYPE_ELFHSTR_EXT"
        threshold = "2"
        strings_accuracy = "Low"
    strings:
        $x_1_1 = {92 42 00 00 10 ?? ?? ?? a2 62 00 04 92 50 00 01 26 73 00 08 03 d0 10 2a 26 04 00 01 14 ?? ?? ?? 02 d0 ?? 21 03 20 f8 09 03 d0 88 23 8f bc 00 18 00 40 20 21}  //weight: 1, accuracy: Low
        $x_1_2 = {92 03 00 04 8e 02 00 00 a4 a8 ff e8 26 10 00 05 ac a2 ff ec a0 83 ff fc ac 82 ff f8 00 f5 10 2a 24 c6 00 18 24 e7 00 01 24 84 00 18 14 ?? ?? ?? 02 86 28 21 02 51 10 21 00 50 18 23}  //weight: 1, accuracy: Low
    condition:
        (filesize < 20MB) and
        (all of ($x*))
}

Immediately isolate the affected Linux system(s) from the network. Employ an updated antivirus/EDR solution to scan and remove the Mirai malware. Patch any underlying vulnerabilities, change default credentials, and implement strong authentication. Monitor network traffic for outbound DDoS activity or unusual connections.