Backdoor:Linux/Mirai.jj!MTB - Windows Defender threat signature analysis

=== THREAT ANALYSIS REPORT ===
Threat Name: Backdoor:Linux/Mirai.jj!MTB
Classification:
Detection Type: Behavioral/ML
Suffix: !MTB
Detected via machine learning and behavioral analysis
Detection Method: Behavioral
Confidence: High
False-Positive Risk: Low

Machine learning behavioral analysis detected malicious patterns

Summary:

This threat is a variant of the Mirai botnet malware, detected on a Linux system by Microsoft's machine learning behavioral analysis. Mirai compromises devices to incorporate them into a botnet used for launching Distributed Denial-of-Service (DDoS) attacks and other malicious activities.

Severity:
Medium
VDM Static Detection:
No specific strings found for this threat
YARA Rule:
rule Backdoor_Linux_Mirai_2147784140_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Backdoor:Linux/Mirai.jj!MTB"
        threat_id = "2147784140"
        type = "Backdoor"
        platform = "Linux: Linux platform"
        family = "Mirai"
        severity = "Critical"
        info = "jj: an internal category used to refer to some threats"
        info = "MTB: Microsoft Threat Behavior"
        signature_type = "SIGNATURE_TYPE_ELFHSTR_EXT"
        threshold = "2"
        strings_accuracy = "High"
    strings:
        $x_1_1 = {44 89 c9 66 0f b6 47 09 c1 e9 10 41 8d 0c 08 66 c1 c8 08 0f b7 c0 01 c1 89 d0 81 e2 ff ff 00 00 c1 e8 10 01 d0 41 0f b7 d1 01 d0 41 0f b7 d2 01 d0 8d 04 01 89 c2 c1 ea 10}  //weight: 1, accuracy: High
        $x_1_2 = {48 89 c1 40 0f b6 c6 89 c2 c1 e2 08 09 d0 48 98 48 89 c2 48 c1 e2 10 48 09 c2 48 89 d7 48 c1 e7 20 48 09 d7}  //weight: 1, accuracy: High
    condition:
        (filesize < 20MB) and
        (all of ($x*))
}
Known malware associated with this threat:
Remediation Steps:
Isolate the affected Linux system from the network. Identify and delete the malicious binary, then change all system credentials, especially default passwords. Ensure the system is fully patched and unnecessary ports are blocked by a firewall.
=== END REPORT ===
This analysis was last updated on 21/11/2025.