Concrete signature match: Backdoor - Provides unauthorized remote access for Linux platform, family Mirai
This is a concrete detection of a component associated with the Mirai botnet. Mirai malware infects Linux-based systems and IoT devices to create a botnet for launching large-scale DDoS attacks. The technical strings suggest the detected file is a Windows-based tool, likely a downloader or stager for the primary Linux payload.
Relevant strings associated with this threat: - gq|#TEL (NID) - gq}#TEL (NID) - !#HSTR:StringCodeForMshta.A!pli (PEHSTR_EXT) - !#HSTR:StringCodeForHooking.C!pli (PEHSTR_EXT) - !#HSTR:StringCodeForHooking.D!pli (PEHSTR_EXT) - !#HSTR:StringCodeForHooking.L!pli (PEHSTR_EXT) - !#HSTR:StringCodeForHooking.O!pli (PEHSTR_EXT) - !#HSTR:StringCodeForRegsvr32.A!pli (PEHSTR_EXT) - !#HSTR:StringCodeForRundll32.A!pli (PEHSTR_EXT) - rundll32 (PEHSTR_EXT) - !#HSTR:StringCodeForBITSJobs.A!pli (PEHSTR_EXT) - !#HSTR:StringCodeForPowerShell.G!pli (PEHSTR_EXT) - !#HSTR:StringCodeForScheduledTask.A!pli (PEHSTR_EXT) - !#HSTR:StringCodeForDataEncoding.D!pli (PEHSTR_EXT) - !#HSTR:StringCodeForHooking.J!pli (PEHSTR_EXT) - !#HSTR:StringCodeForHooking.K!pli (PEHSTR_EXT) - !#HSTR:StringCodeForRemoteFileCopy.B!pli (PEHSTR_EXT) - !#HSTR:ExecutionGuardrails (PEHSTR_EXT) - !#HSTR:StringCodeForFileDeletion.A!pli (PEHSTR_EXT) - !#HSTR:StringCodeForHooking.M!pli (PEHSTR_EXT)
4575e0e7c46b44ff7e6873272cfce608df85fd8867bc262a1a72e8327c144d98Isolate the affected machine from the network immediately. Use the security software to remove the detected threat and run a full system scan. Investigate the network for other compromised Linux/IoT devices and change all default or weak credentials on network-connected equipment.