REPTILE - S1219 (4ea492ee-36f8-4017-938f-d01ce951ef94)

REPTILE is an open-source Linux rootkit with multiple components that provides backdoor access and functionality.(Citation: Google Cloud Mandiant UNC3886 2024)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) | Attack Pattern | REPTILE - S1219 (4ea492ee-36f8-4017-938f-d01ce951ef94) | Malware | 1 |
| REPTILE - S1219 (4ea492ee-36f8-4017-938f-d01ce951ef94) | Malware | Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6) | Attack Pattern | 1 |
| REPTILE - S1219 (4ea492ee-36f8-4017-938f-d01ce951ef94) | Malware | Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) | Attack Pattern | 1 |
| Port Knocking - T1205.001 (8868cb5b-d575-4a60-acb2-07d37389a2fd) | Attack Pattern | REPTILE - S1219 (4ea492ee-36f8-4017-938f-d01ce951ef94) | Malware | 1 |
| Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) | Attack Pattern | REPTILE - S1219 (4ea492ee-36f8-4017-938f-d01ce951ef94) | Malware | 1 |
| REPTILE - S1219 (4ea492ee-36f8-4017-938f-d01ce951ef94) | Malware | Traffic Signaling - T1205 (451a9977-d255-43c9-b431-66de80130c8c) | Attack Pattern | 1 |
| Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) | Attack Pattern | REPTILE - S1219 (4ea492ee-36f8-4017-938f-d01ce951ef94) | Malware | 1 |
| REPTILE - S1219 (4ea492ee-36f8-4017-938f-d01ce951ef94) | Malware | Udev Rules - T1546.017 (f4c3f644-ab33-433d-8648-75cc03a95792) | Attack Pattern | 1 |
| REPTILE - S1219 (4ea492ee-36f8-4017-938f-d01ce951ef94) | Malware | Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) | Attack Pattern | 1 |
| REPTILE - S1219 (4ea492ee-36f8-4017-938f-d01ce951ef94) | Malware | Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba) | Attack Pattern | 1 |
| REPTILE - S1219 (4ea492ee-36f8-4017-938f-d01ce951ef94) | Malware | Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) | Attack Pattern | 1 |
| Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) | Attack Pattern | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 2 |
| Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6) | Attack Pattern | Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) | Attack Pattern | 2 |
| Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) | Attack Pattern | Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) | Attack Pattern | 2 |
| Port Knocking - T1205.001 (8868cb5b-d575-4a60-acb2-07d37389a2fd) | Attack Pattern | Traffic Signaling - T1205 (451a9977-d255-43c9-b431-66de80130c8c) | Attack Pattern | 2 |
| Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) | Attack Pattern | Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) | Attack Pattern | 2 |
| Udev Rules - T1546.017 (f4c3f644-ab33-433d-8648-75cc03a95792) | Attack Pattern | Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) | Attack Pattern | 2 |
| Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) | Attack Pattern | Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba) | Attack Pattern | 2 |