Threats Detected

Linux Threats Detected

Sandfly Security is proud to be part of the Vodafone Xone Accelerator Program.

Sandfly hunts for the common and uncommon threats against Linux.

Sandfly focuses on the building blocks that make an attack work, not on static signatures. Instead of running on a hamster wheel of constantly outdated signature updates, Sandfly hunts for the indicators of compromise that attacks have in common and that do not go out of date: the process, file, user and persistence tricks an intruder needs in order to get in, stay in and hide.

Hunting for Linux Threats

Sandfly has a large and growing list of threats it can detect.

Modular Intrusion Detection

Sandfly is an agentless Linux security platform that constantly hunts for intruders. When threats are found, Sandfly becomes an expert forensic investigator providing specific information on what is happening. 

For security and incident response teams, Sandfly lets you write your own custom sandfly checks in an easy-to-learn syntax. You can craft your own threat hunting checks and deploy them instantly without loading any software or updates onto your Linux systems.

The modular approach we use means that more detection methods are being added all the time to enhance our capability. 

We currently have over 650 security and incident response modules designed specifically for Linux, and the list grows each day. Below is a high-level list of just some of the threats we hunt for on Linux.

Linux Intrusion, Compromise & Malware Threats Detected

  • Loadable Kernel Module stealth rootkit detection
  • Standard rootkit detection
  • Cryptocurrency and cryptominer detection
  • Hidden and suspicious directories
  • Hidden and suspicious processes
  • Processes performing suspicious network activity
  • Process masquerading
  • File masquerading and hiding
  • Poisoned system commands
  • Cloaked data from stealth rootkits
  • Tampered system start-up scripts
  • Encrypted and suspicious executable files
  • Unusual system binaries
  • Suspicious users and permissions
  • Hidden executables
  • System shells being used or concealed in suspicious ways
  • Reverse shells (backdoor shells that connect out to an attacker)
  • Bind shells (backdoor shells listening on a local port)
  • Tampered audit records
  • Destroyed audit records
  • User anti-forensic activity
  • Process anti-forensic activity
  • Cloaked backdoors
  • Privilege escalation backdoors
  • Malware persistence mechanisms
  • SSH keys being misused or orphaned
  • Suspicious user login and logout activities
  • Suspicious cron job and other scheduled tasks
  • Linux malware and Advanced Persistent Threat activity
  • Distributed Denial of Service (DDoS) agents
  • Hundreds of others!
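To make the "building blocks, not signatures" idea concrete, here is an added example (written for this page; it is not Sandfly's code and does not use Sandfly's check syntax) of two of the checks named above, process masquerading and hidden processes, done the way a stealth-rootkit hunter would do them rather than by matching a hash. The masquerading check asks whether a process is lying about itself: its executable has been deleted from disk while still running, it runs from a world-writable directory, it has a kernel-thread style name like "[kworker/0:1]" but still has a userland executable, or its argv[0] claims a name that does not match the inode it actually runs from. The hidden-process check compares the /proc directory listing (which a loadable kernel module rootkit commonly filters) against kill(pid, 0) probing (which it often forgets to hook), taking the listing on both sides of the probe so processes that simply started or exited are not reported, and discarding thread IDs, which answer kill() but are never listed in /proc. The directory lists and the sample process records are constructed assumptions for illustration.

```python
import os
from dataclasses import dataclass

# Constructed example for this page, not Sandfly's implementation.
# Directory sets below are assumptions; tune them for your distribution.
SYSTEM_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/", "/usr/lib/",
               "/usr/libexec/", "/usr/local/bin/", "/usr/local/sbin/")
WRITABLE_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/", "/run/user/")
DELETED = " (deleted)"  # suffix the kernel appends to the exe link of an unlinked binary


@dataclass
class Proc:
    pid: int
    comm: str   # /proc/<pid>/comm
    argv0: str  # first NUL-separated field of /proc/<pid>/cmdline ("" for kernel threads)
    exe: str    # readlink(/proc/<pid>/exe); "" when the link cannot be read (kernel threads)


def masquerade_findings(p: Proc) -> list[str]:
    """Return tags describing how a process is lying about what it is (heuristics, not proof)."""
    tags = []
    deleted = p.exe.endswith(DELETED)
    exe_path = p.exe[:-len(DELETED)] if deleted else p.exe
    if deleted:
        tags.append("deleted-binary")        # image unlinked after exec: common anti-forensics
    if exe_path.startswith(WRITABLE_DIRS):
        tags.append("writable-dir-exe")      # legitimate daemons rarely run from /tmp or /dev/shm
    if p.argv0.startswith("[") and exe_path:
        tags.append("fake-kernel-thread")    # real kernel threads have no exe link at all
    claimed = os.path.basename(p.argv0)
    actual = os.path.basename(exe_path)
    if claimed and actual and claimed != actual and not exe_path.startswith(SYSTEM_DIRS):
        tags.append("name-mismatch")         # argv[0] says one thing, the inode says another
    return tags


def scan(procs: list[Proc]) -> dict[int, list[str]]:
    """Map pid -> findings for every process that has at least one finding."""
    report = {}
    for p in procs:
        tags = masquerade_findings(p)
        if tags:
            report[p.pid] = tags
    return report


def hidden_pids(listed_before, probed, listed_after, thread_check=lambda pid: False):
    """PIDs that answered kill(pid, 0) but never appeared in the /proc listing.
    Listings from before and after the probe absorb normal process churn;
    thread_check drops thread IDs, which are probeable but never listed."""
    candidates = set(probed) - set(listed_before) - set(listed_after)
    return {pid for pid in candidates if not thread_check(pid)}


def is_thread(pid: int) -> bool:
    """True when pid is a non-leader thread (Tgid differs from Pid in its status file)."""
    try:
        with open(f"/proc/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) != pid
    except OSError:
        return False  # status unreadable yet kill() succeeded: keep it as a candidate
    return False


def read_live_procs() -> list[Proc]:
    """Collect Proc records from a running Linux host via /proc."""
    procs = []
    for d in os.listdir("/proc"):
        if not d.isdigit():
            continue
        base = f"/proc/{d}"
        try:
            with open(f"{base}/comm") as f:
                comm = f.read().strip()
            with open(f"{base}/cmdline", "rb") as f:
                argv0 = f.read().split(b"\0")[0].decode(errors="replace")
            try:
                exe = os.readlink(f"{base}/exe")
            except OSError:
                exe = ""  # kernel thread or not permitted
        except OSError:
            continue  # process exited while we were reading it
        procs.append(Proc(int(d), comm, argv0, exe))
    return procs


def live_hidden_pids() -> set[int]:
    """Compare the /proc directory listing against kill(pid, 0) probing of every possible pid."""
    with open("/proc/sys/kernel/pid_max") as f:
        pid_max = int(f.read())
    listing = lambda: {int(d) for d in os.listdir("/proc") if d.isdigit()}
    before = listing()
    probed = set()
    for pid in range(1, pid_max + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass  # exists but belongs to another user: still a live pid
        probed.add(pid)
    return hidden_pids(before, probed, listing(), thread_check=is_thread)


if __name__ == "__main__":
    if os.path.isdir("/proc"):  # Linux host
        for pid, tags in scan(read_live_procs()).items():
            print(pid, tags)
        print("hidden pids:", sorted(live_hidden_pids()))
```

Run it as root on a Linux host to cover every process. The probe loop walks the whole pid space (up to pid_max, often four million on modern kernels), so expect it to take a few seconds; that cost is the reason agentless scanners batch such checks rather than run them continuously. Every finding here is a lead for an investigator, not a verdict: a deleted binary can also be a package upgrade that has not been restarted, and a name mismatch can be a wrapper script, which is exactly why a tool like this pairs the detection with the forensic detail needed to decide.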

An Expanding Detection Net

Sandfly is constantly looking for anything that is suspicious on your Linux hosts. With new sandflies being added all the time, Sandfly is able to provide a thorough detection net for your computers without the hassle of agents or piles of false alarms.