Concrete signature match: Backdoor - Provides unauthorized remote access for Linux platform, family Mirai
Backdoor:Linux/Mirai.HY!MTB is a concrete detection for a Mirai botnet variant specifically targeting Linux-based devices. This malware establishes a backdoor to gain remote control over the compromised system, subsequently enrolling it into a botnet primarily used for launching distributed denial-of-service (DDoS) attacks.
No human-readable (ASCII) strings are listed for this threat; the signature matches on the two hex byte patterns in the rule below, one with a four-byte wildcard span, and both must be present (threshold 2, all of $x*).
rule Backdoor_Linux_Mirai_HY_2147909858_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Backdoor:Linux/Mirai.HY!MTB"
        threat_id = "2147909858"
        type = "Backdoor"
        platform = "Linux: Linux platform"
        family = "Mirai"
        severity = "Critical"
        info = "MTB: Microsoft Threat Behavior"
        signature_type = "SIGNATURE_TYPE_ELFHSTR_EXT"
        threshold = "2"
        strings_accuracy = "Low"
    strings:
        $x_1_1 = {83 fe 01 77 ee 75 08 48 0f be 07 ?? ?? ?? ?? 48 0f b7 d1 48 c1 e9 10 48 01 ca 48 89 d0 48 c1 e8 10 48 01 d0 f7 d0 0f b7 c0 c3} //weight: 1, accuracy: Low
        $x_1_2 = {41 55 41 89 d5 41 54 45 31 e4 55 53 48 83 ec 08 8b 5f 0c 8b 6f 10 eb 0d} //weight: 1, accuracy: High
    condition:
        (filesize < 20MB) and
        (all of ($x*))
}

Associated sample hashes (SHA-256):
001c9c983afed1489f2a681b2d4045ae6120ecca1640045068d68d443891168b
087a9a01852957585c47e3116f2997ea0d393f0884ff3852a5b9e7af533c395b

Recommended response: Isolate the affected Linux device from the network immediately. Remove the detected file and run a full scan with current definitions; note that Mirai-family implants run resident in memory (many variants delete their own on-disk binary after launch), so the running process must also be killed or the device rebooted, and a device reconnected with its original credentials can be reinfected quickly. Apply all available security patches for the operating system and any exposed services, and enforce strong, unique passwords on every user account and remote-access service, since Mirai variants spread chiefly by brute-forcing default Telnet and SSH credentials. Segment IoT and embedded devices from the rest of the network and monitor for unusual outbound connections (command-and-control check-ins, scanning of other hosts on Telnet/SSH ports) or sudden traffic bursts consistent with DDoS participation.
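The following is an added example, not code from threatcheck.sh or from Microsoft Defender's engine: a small Python script that re-implements how the rule above is evaluated, for understanding the signature or triaging a suspect ELF offline when yara-python is not available. It converts the two hex patterns (with `??` as a one-byte wildcard) into byte regexes, applies the `filesize < 20MB` and `all of ($x*)` condition, and compares the file's SHA-256 against the two hashes listed on this page. Function names (`rule_matches`, `find_strings`, `triage`, `build_sample`) are my own, and `build_sample` builds a constructed test buffer, not a real Mirai sample. It approximates YARA (non-overlapping matches only); for production scanning use yara with the rule as written.

```python
"""Offline re-implementation of Backdoor_Linux_Mirai_HY_2147909858_0 (added example)."""
import hashlib
import re

# Hex patterns copied from the rule above; "??" is a single wildcard byte.
PATTERNS = {
    "$x_1_1": "83 fe 01 77 ee 75 08 48 0f be 07 ?? ?? ?? ?? 48 0f b7 d1 48 c1 e9 10 "
              "48 01 ca 48 89 d0 48 c1 e8 10 48 01 d0 f7 d0 0f b7 c0 c3",
    "$x_1_2": "41 55 41 89 d5 41 54 45 31 e4 55 53 48 83 ec 08 8b 5f 0c 8b 6f 10 eb 0d",
}
MAX_FILESIZE = 20 * 1024 * 1024  # yara's "20MB" is 20 * 2**20 bytes

# SHA-256 hashes listed on this page for the detection.
KNOWN_HASHES = {
    "001c9c983afed1489f2a681b2d4045ae6120ecca1640045068d68d443891168b",
    "087a9a01852957585c47e3116f2997ea0d393f0884ff3852a5b9e7af533c395b",
}


def hex_pattern_to_regex(pattern: str) -> re.Pattern:
    """Turn a YARA-style hex string into a bytes regex; "??" becomes any one byte."""
    parts = []
    for tok in pattern.split():
        if tok == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes([int(tok, 16)])))
    # DOTALL so the wildcard also matches 0x0a, which "." would otherwise skip.
    return re.compile(b"".join(parts), re.DOTALL)


COMPILED = {name: hex_pattern_to_regex(p) for name, p in PATTERNS.items()}


def find_strings(data: bytes) -> dict:
    """Offsets at which each $x string matches (non-overlapping, unlike yara)."""
    return {name: [m.start() for m in rx.finditer(data)] for name, rx in COMPILED.items()}


def rule_matches(data: bytes) -> bool:
    """Evaluate the condition: (filesize < 20MB) and (all of ($x*))."""
    if len(data) >= MAX_FILESIZE:
        return False
    hits = find_strings(data)
    return all(hits[name] for name in PATTERNS)  # every $x string must hit


def sha256_known(data: bytes) -> bool:
    """True if the buffer's SHA-256 is one of the hashes listed on the page."""
    return hashlib.sha256(data).hexdigest() in KNOWN_HASHES


def triage(data: bytes) -> dict:
    """Combine the signature and hash checks into one verdict dictionary."""
    return {
        "rule_match": rule_matches(data),
        "hash_known": sha256_known(data),
        "strings": find_strings(data),
    }


def build_sample(fill: int = 0x00) -> bytes:
    """Constructed test buffer (not a real sample): an ELF magic, then both
    patterns with the wildcard bytes set to `fill`, separated by NOP padding."""
    chunks = [b"\x7fELF" + b"\x00" * 12]
    for p in PATTERNS.values():
        chunks.append(bytes(fill if t == "??" else int(t, 16) for t in p.split()))
        chunks.append(b"\x90" * 7)
    return b"".join(chunks)


if __name__ == "__main__":
    import json
    import sys

    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, json.dumps(triage(fh.read())))
```

Run it as `python3 mirai_hy_check.py /path/to/suspect.elf` (filename assumed). The wildcard bytes in `$x_1_1` sit where the compiler emits a 4-byte displacement, which is why Microsoft wildcards them; the matcher reproduces that by accepting any byte there, so `build_sample(0xff)` matches just as `build_sample()` does.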