Linux Threats Detected

Sandfly Security is proud to be part of the Vodafone Xone Accelerator Program.

Sandfly hunts for the common and uncommon threats against Linux.

Sandfly focuses on the building blocks that make an attack work, not on static signatures. Instead of getting on a hamster wheel of constantly outdated signature updates, Sandfly hunts for specific indicators of compromise that are common to attacks and never go out of date.

Hunting for Linux Threats

Sandfly Has a Large and Growing List of Threats It Can Detect

Modular Intrusion Detection

Sandfly operates as an automated expert security investigator when searching for threats. When threats are found, Sandfly switches to the role of an expert forensic investigator, providing you with specific information on what is happening. It is very hard for an attacker to remain hidden on a host protected by Sandfly due to our expansive coverage.

Here is a small list of the signs of Linux compromise and intrusion Sandfly can detect today. The modular approach we use means that more sandflies are being added all the time to enhance our detection net. Sandfly is designed to look for these and many more threats on your Linux hosts without the need to load agents.

  • Loadable Kernel Module stealth rootkit detection
  • Standard rootkit detection
  • Cryptocurrency and cryptominer detection
  • Hidden and suspicious directories
  • Hidden and suspicious processes
  • Processes performing suspicious network activity
  • Process masquerading
  • File masquerading and hiding
  • Poisoned system commands
  • Cloaked data from stealth rootkits
  • Tampered system start-up scripts
  • Encrypted and suspicious executable files
  • Unusual system binaries
  • Suspicious users and permissions
  • Hidden executables
  • System shells being used or concealed in suspicious ways
  • Reverse bindshell exploits
  • Standard bindshell exploits
  • Tampered audit records
  • Destroyed audit records
  • User anti-forensic activity
  • Process anti-forensic activity
  • Cloaked backdoors
  • Privilege escalation backdoors
  • Malware persistence mechanisms
  • SSH keys being misused or orphaned
  • Suspicious user login and logout activities
  • Suspicious cron job and other scheduled tasks
  • Linux malware and Advanced Persistent Threat activity
  • Distributed Denial of Service (DDoS) agents
  • Hundreds of others!
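To make two of the listed indicators concrete (process masquerading and hidden or suspicious directory names), here is an added toy example of the kind of building-block check a defender can write. It is not Sandfly's code and does not show how Sandfly implements these checks; the process records and directory names are constructed inline so it runs offline, and the `ProcRecord` type, `/tmp/.x/miner` path and helper names are assumptions made for the illustration.

```python
"""Toy Linux indicator checks (added example; not Sandfly code).

Two "building block" style checks that do not depend on signatures:
  1. process masquerading: the kernel's comm name for a process should
     match the basename of the executable it actually runs, and a running
     executable that has been deleted from disk is worth a look;
  2. hidden/suspicious directory names: names made only of dots and
     whitespace, or containing control characters, are a classic way
     to hide a directory from a casual `ls`.
"""
import os
from dataclasses import dataclass

DELETED_SUFFIX = " (deleted)"   # how /proc/<pid>/exe marks an unlinked binary
COMM_MAX = 15                   # the kernel truncates comm to 15 characters


@dataclass
class ProcRecord:
    """Constructed stand-in for what /proc/<pid>/ exposes (assumption)."""
    pid: int
    comm: str   # contents of /proc/<pid>/comm
    exe: str    # resolved target of /proc/<pid>/exe


def check_process_masquerade(rec: ProcRecord) -> list:
    """Return a list of human-readable findings; empty means nothing odd."""
    findings = []
    exe_path = rec.exe
    if exe_path.endswith(DELETED_SUFFIX):
        findings.append("executable deleted from disk while still running")
        exe_path = exe_path[: -len(DELETED_SUFFIX)]
    exe_name = os.path.basename(exe_path)
    # Compare against the truncated name the kernel would have assigned.
    # Note: symlinked interpreters (python3 -> python3.x) make this noisy
    # in real life; a production check would resolve that.
    if exe_name[:COMM_MAX] != rec.comm:
        findings.append(
            f"comm {rec.comm!r} does not match executable {exe_name!r}")
    return findings


def suspicious_dir_name(name: str) -> list:
    """Flag directory names chosen to be overlooked in a listing."""
    reasons = []
    if name in (".", ".."):          # the two legitimate dot entries
        return reasons
    if all(ch in ". \t" for ch in name):
        reasons.append("name made only of dots and whitespace")
    if any(ord(ch) < 32 or ord(ch) == 127 for ch in name):
        reasons.append("contains control characters")
    if name != name.strip():
        reasons.append("leading or trailing whitespace")
    return reasons


# Constructed sample data (assumption): one normal daemon and one process
# pretending to be a kernel thread while running a deleted binary.
SAMPLE_PROCS = [
    ProcRecord(pid=812, comm="sshd", exe="/usr/sbin/sshd"),
    ProcRecord(pid=4311, comm="kthreadd", exe="/tmp/.x/miner (deleted)"),
]
SAMPLE_DIRS = [".", "..", "...", ". ", ".ssh", "\x1b[2Kpayload"]


def scan(procs=SAMPLE_PROCS, dirs=SAMPLE_DIRS) -> dict:
    """Run both checks and return only the items that produced findings."""
    report = {"processes": {}, "directories": {}}
    for rec in procs:
        hits = check_process_masquerade(rec)
        if hits:
            report["processes"][rec.pid] = hits
    for name in dirs:
        hits = suspicious_dir_name(name)
        if hits:
            report["directories"][name] = hits
    return report


if __name__ == "__main__":
    for kind, items in scan().items():
        for key, hits in items.items():
            print(f"{kind}: {key!r}: {'; '.join(hits)}")
```

Running the script reports the fake `kthreadd` (pid 4311) and the `...`, `. ` and control-character directory names, while `sshd`, `.ssh` and the legitimate `.` and `..` entries pass. The point is the one the page makes: none of these checks needs a signature for a particular malware family, because they test a property an attacker has to violate to stay hidden.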

An Expanding Detection Net

Sandfly is constantly looking for anything that is suspicious on your Linux hosts. With new sandflies being added all the time, Sandfly is able to provide a thorough detection net for your computers without the hassle of agents or piles of false alarms.