Syslogk Rootkit is heavily based on Adore-Ng, a relatively old, open-source, well-known kernel rootkit for Linux, but incorporates new functionalities making the user-mode application and the kernel rootkit hard to detect. Avast names this rootkit ‘Syslogk’, due to how it ‘reveals’ itself when specially crafted data is written to the file /proc/syslogk.
https://community.riskiq.com/article/b0394a31
‘Syslogk’, Linux Kernel Rootkit Found in Wild