Concrete signature match: Backdoor - Provides unauthorized remote access for Linux platform, family Mirai
Backdoor:Linux/Mirai.LR is a variant of the Mirai botnet malware that targets Linux systems. It is often found within WSL or as staged files on Windows. It spreads by scanning for and brute-forcing weak credentials on IoT devices and servers, incorporating them into a botnet used for DDoS attacks. The '!MTB' suffix indicates this was identified by a machine learning model based on its behavior.
No detailed analysis available from definition files.
Isolate the affected system or WSL instance from the network. Quarantine and remove the detected file. Immediately change all user and root passwords to strong, unique values, and review system logs for any unauthorized access or outbound connections.