Malware is detected using an embedded version of Metaesploit against our own collection of rules, as well as through Dynamic analysis of ELF files:

1. Starting and Termination: Time Stamps and Elapsed Time.

2. Processes Information: clone, exec and exit etc.

3. File I/O: open, read, write and delete etc.

4. Network: TCP, UDP, HTTP and HTTPS etc.

5. Typical Malicious Actions: self deletion, modification and lock.

6. API Information: getpid, system, dup and other libc functions.

7. syscall sequences.

Further, our Dynamic Analysis finds Backdoors based in: Suspicious open TCP ports, suspicious connection to external IPs and URIs, presence of Non-standard services and Suspicious executables.