Reptile

Reptile is a kernel module rootkit for Linux systems released as open source on GitHub. Reptile comes with a reverse shell, allowing attackers to easily take control of the system. Among the functions supported by Reptile, the most characteristic is the Port Knocking technique. Reptile, an open source, has been steadily used in attacks since it was released on Github. For example, a recent report by Mandiant confirms the use of Reptile in an attack by a China-based attack group that is exploiting Fortinet's zero-days.