Concrete signature match: Backdoor - Provides unauthorized remote access for Linux platform, family Mirai
This is a concrete detection of Backdoor:Linux/Mirai.FN!MTB, a variant of the Mirai botnet family that targets Linux-based devices, typically embedded and IoT systems. It acts as a backdoor, granting unauthorized remote access to the compromised system, most likely to enroll it in a botnet used for Distributed Denial of Service (DDoS) attacks or other malicious operations.
No human-readable strings are extracted for this threat; the rule below matches on two raw byte sequences whose encoding is consistent with 32-bit little-endian ARM instructions (for example, 18 30 a0 e3 decodes to mov r3, #0x18), as expected for a Mirai build aimed at embedded devices. Both sequences must be present for the rule to fire, and the second contains three wildcard bytes, which is why its accuracy is rated Low.
rule Backdoor_Linux_Mirai_FN_2147906072_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Backdoor:Linux/Mirai.FN!MTB"
        threat_id = "2147906072"
        type = "Backdoor"
        platform = "Linux: Linux platform"
        family = "Mirai"
        severity = "Critical"
        info = "MTB: Microsoft Threat Behavior"
        signature_type = "SIGNATURE_TYPE_ELFHSTR_EXT"
        threshold = "2"
        strings_accuracy = "Low"
    strings:
        $x_1_1 = {18 30 a0 e3 92 a3 28 e0 00 30 d4 e5 b0 30 c3 e3 40 30 83 e3 00 30 c4 e5 09 e8 a0 e1 00 30 d4 e5 42 c8 8e e2 2c 24 a0 e1} //weight: 1, accuracy: High
        $x_1_2 = {05 00 51 e1 05 10 a0 21 00 30 d6 e5 0a 00 53 e3 01 60 86 e2 00 30 c2 e5 02 ?? ?? ?? b0 30 d4 e1 01 0c 13 e3} //weight: 1, accuracy: Low
    condition:
        (filesize < 20MB) and
        (all of ($x*))
}

SHA-256: 9c397da25e636271ffcf2c433d43cbafb1e58f98af1b081297c423a4eb5790a2

Remediation: Immediately isolate the infected Linux device from the network to cut off command-and-control traffic and to stop it from scanning for and infecting other hosts. Remove the detected malware and patch the system and application vulnerabilities that allowed the compromise. Because Mirai variants classically propagate by brute-forcing default Telnet credentials, reset every credential associated with the device, especially default or weak ones, and then enforce strong access controls and network segmentation so that management interfaces are not reachable from untrusted networks.
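The following stand-alone script is an added example, not code from threatcheck.sh or from the rule's author. It re-implements the matching logic of the rule above in plain Python: the two hex strings are translated into byte regexes (the three `??` bytes in $x_1_2 become single-byte wildcards) and the condition `(filesize < 20MB) and (all of ($x*))` is evaluated over a buffer. The test buffers it builds are constructed here and are not real Mirai samples; the goal is to show why both strings are required and how the wildcards and the size bound behave, without needing a yara binary.

```python
"""Re-implementation of the matching logic of Backdoor_Linux_Mirai_FN_2147906072_0.

Added example, not code from threatcheck.sh or from the rule's author. The test
buffers constructed below are synthetic and are not real Mirai samples.
"""
import re

# The rule's two hex strings, copied verbatim from the strings: section.
HEX_STRINGS = {
    "$x_1_1": (
        "18 30 a0 e3 92 a3 28 e0 00 30 d4 e5 b0 30 c3 e3 40 30 83 e3 "
        "00 30 c4 e5 09 e8 a0 e1 00 30 d4 e5 42 c8 8e e2 2c 24 a0 e1"
    ),
    "$x_1_2": (
        "05 00 51 e1 05 10 a0 21 00 30 d6 e5 0a 00 53 e3 01 60 86 e2 "
        "00 30 c2 e5 02 ?? ?? ?? b0 30 d4 e1 01 0c 13 e3"
    ),
}
MAX_FILESIZE = 20 * 1024 * 1024  # YARA's "20MB" means 20 * 2**20 bytes


def hex_string_to_regex(hex_string):
    """Translate a YARA hex string into a compiled bytes regex.

    Each `xx` token becomes a literal byte and each `??` becomes a one-byte
    wildcard. re.DOTALL is required so that `.` also matches 0x0a.
    """
    parts = []
    for token in hex_string.split():
        parts.append(b"." if token == "??" else re.escape(bytes([int(token, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


PATTERNS = {name: hex_string_to_regex(h) for name, h in HEX_STRINGS.items()}


def evaluate_condition(filesize, matched):
    """The rule's condition: (filesize < 20MB) and (all of ($x*))."""
    return filesize < MAX_FILESIZE and all(matched.values())


def scan(data):
    """Return the offsets of every string and whether the rule fires on data."""
    matched = {
        name: [m.start() for m in pattern.finditer(data)]
        for name, pattern in PATTERNS.items()
    }
    return {"matches": matched, "rule_fires": evaluate_condition(len(data), matched)}


def materialize(hex_string, wildcard_fill):
    """Turn a hex string into concrete bytes, filling each `??` with wildcard_fill."""
    return bytes(
        wildcard_fill if t == "??" else int(t, 16) for t in hex_string.split()
    )


def build_sample(include_x2=True, wildcard_fill=0x41):
    """Construct a synthetic buffer (not a real binary): 64 filler bytes, $x_1_1,
    32 filler bytes, then optionally $x_1_2 with its wildcards filled, then filler.
    With both strings present, $x_1_1 sits at offset 64 and $x_1_2 at offset 136."""
    filler = b"\x90"
    buf = filler * 64 + materialize(HEX_STRINGS["$x_1_1"], 0)
    buf += filler * 32
    if include_x2:
        buf += materialize(HEX_STRINGS["$x_1_2"], wildcard_fill)
    return buf + filler * 32


if __name__ == "__main__":
    for label, sample in (("both strings", build_sample()),
                          ("only $x_1_1", build_sample(include_x2=False))):
        result = scan(sample)
        print(f"{label}: {result['matches']} -> fires={result['rule_fires']}")
```

Against a real file system you would compile and run the rule with the yara CLI (`yara -r rule.yar /path/to/scan`) or yara-python rather than this script; the point here is that a buffer carrying only $x_1_1 does not trigger the rule, that any three bytes satisfy the wildcard positions in $x_1_2 (which is the source of the Low strings accuracy), and that a file of 20 MiB or more is excluded by the size bound regardless of its content.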