Concrete signature match: Backdoor - Provides unauthorized remote access for Linux platform, family Mirai
This detection identifies a specific variant (FX) of the Mirai botnet backdoor targeting Linux systems. This malware gains unauthorized access to the infected machine, likely incorporating it into a botnet for Distributed Denial of Service (DDoS) attacks or other malicious activities.
No specific strings found for this threat
rule Backdoor_Linux_Mirai_FX_2147906252_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Backdoor:Linux/Mirai.FX!MTB"
        threat_id = "2147906252"
        type = "Backdoor"
        platform = "Linux: Linux platform"
        family = "Mirai"
        severity = "Critical"
        info = "MTB: Microsoft Threat Behavior"
        signature_type = "SIGNATURE_TYPE_ELFHSTR_EXT"
        threshold = "2"
        strings_accuracy = "Low"
    strings:
        $x_1_1 = {05 00 a0 e1 7c ff ff eb 07 00 a0 e1 7a ff ff eb 38 10 9f e5 04 20 a0 e3 01 00 a0 e3 8b ff ff eb 05 00 a0 e3 70 ff ff eb 94 d0 8d e2 f0 81 bd e8} //weight: 1, accuracy: High
        $x_1_2 = {8a ff ff 1b 93 30 dd e5 04 44 83 e1 7c 30 9f e5 03 00 54 e1 f3 ?? ?? ?? 0d 10 a0 e1 80 20 a0 e3 05 00 a0 e1 a1 ff ff eb 00 20 50 e2 0d 40 a0 e1 0d 10 a0 e1} //weight: 1, accuracy: Low
    condition:
        (filesize < 20MB) and
        (all of ($x*))
}

Hashes:
f89569a00e3116bf0f86287951d9d3759878c5fd6e4c0c9e9c8e43324be82b1c
e79751620d99c5e7bcf429faded8d6cd9e13d9c897aa8128c5224eb4e006a5f2

Immediately isolate the affected Linux system, perform a comprehensive malware scan and removal, and apply all available system and firmware updates. Implement strong, unique passwords for all accounts and enforce strict network segmentation with appropriate firewall rules to prevent further compromise.