Rootkits
Detecting Melofee Stealth Backdoor Targeting Red Hat Linux
A new report from Qianxin's X Lab was released detailing new stealth malware targeting Red Hat 7.9 and similar systems: New Zero-Detection Variant of Melofee Backdoor from Winnti Strikes RHEL 7.9…
De-Cloaking Linux Stealth Malware and Rootkits: sedexp, Diamorphine, and Reptile
In this video we demonstrate Sandfly's new file and directory stealth rootkit de-cloaking feature on the sedexp malware targeting Linux. We also show how it works for the Diamorpine and Reptile…
Sandfly 5.2 - Linux Stealth Rootkit File and Directory De-Cloaking
Sandfly 5.2 has a powerful new way to detect Linux stealth rootkits: Hidden file and directory de-cloaking. This feature will make files and directories hidden by many types of stealth rootkits…
Detecting Linux Stealth Rootkits with Directory Link Errors
Detecting stealth rootkits on Linux can be done from the command line. The secret is to ask the same question multiple ways to make sure all answers agree. If they don't all agree, something is…
XZ SSH Backdoor Detection Strategies
A sophisticated backdoor targeting the SSH service on Linux was made against the XZ compression library in a supply chain attack. The backdoor almost made it into most major Linux distributions until…
Detecting Evasive Linux Malware Presentation
Sandfly founder Craig Rowland gave a presentation for the FIRST Cold Incident Response Conference in Oslo on evasive Linux backdoors and malware below: Evasive Linux Backdoors and Malware…