Malware: Kobalos

Description

[Kobalos](https://attack.mitre.org/software/S0641) is a multi-platform backdoor that can be used against Linux, FreeBSD, and Solaris. [Kobalos](https://attack.mitre.org/software/S0641) has been deployed against high profile targets, including high-performance computers, academic servers, an endpoint security vendor, and a large internet service provider; it has been found in Europe, North America, and Asia. [Kobalos](https://attack.mitre.org/software/S0641) was first identified in late 2019.(Citation: ESET Kobalos Feb 2021)(Citation: ESET Kobalos Jan 2021)

External References

• mitre-attack
• ESET Kobalos Feb 2021
• ESET Kobalos Jan 2021

Techniques Used by This Malware

• T1016 — System Network Configuration Discovery
• T1027 — Obfuscated Files or Information
• T1048 — Exfiltration Over Alternative Protocol
• T1056 — Input Capture
• T1059.004 — Unix Shell
• T1070.003 — Clear Command History
• T1070.006 — Timestomp
• T1074 — Data Staged
• T1082 — System Information Discovery
• T1090.003 — Multi-hop Proxy
• T1140 — Deobfuscate/Decode Files or Information
• T1205 — Traffic Signaling
• T1554 — Compromise Host Software Binary
• T1573.001 — Symmetric Cryptography
• T1573.002 — Asymmetric Cryptography