Kobalos - S0641 (9abdda30-08e0-4ab1-9cf0-d447654c6de9)

Kobalos is a multi-platform backdoor that can be used against Linux, FreeBSD, and Solaris. Kobalos has been deployed against high profile targets, including high-performance computers, academic servers, an endpoint security vendor, and a large internet service provider; it has been found in Europe, North America, and Asia. Kobalos was first identified in late 2019.(Citation: ESET Kobalos Feb 2021)(Citation: ESET Kobalos Jan 2021)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Kobalos - S0641 (9abdda30-08e0-4ab1-9cf0-d447654c6de9)	Malware	1
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Kobalos - S0641 (9abdda30-08e0-4ab1-9cf0-d447654c6de9)	Malware	1
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Kobalos - S0641 (9abdda30-08e0-4ab1-9cf0-d447654c6de9)	Malware	1
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	Kobalos - S0641 (9abdda30-08e0-4ab1-9cf0-d447654c6de9)	Malware	1
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Kobalos - S0641 (9abdda30-08e0-4ab1-9cf0-d447654c6de9)	Malware	1
Kobalos - S0641 (9abdda30-08e0-4ab1-9cf0-d447654c6de9)	Malware	Compromise Host Software Binary - T1554 (960c3c86-1480-4d72-b4e0-8c242e84a5c5)	Attack Pattern	1
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	Kobalos - S0641 (9abdda30-08e0-4ab1-9cf0-d447654c6de9)	Malware	1
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e)	Attack Pattern	Kobalos - S0641 (9abdda30-08e0-4ab1-9cf0-d447654c6de9)	Malware	1
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	Kobalos - S0641 (9abdda30-08e0-4ab1-9cf0-d447654c6de9)	Malware	1
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	Kobalos - S0641 (9abdda30-08e0-4ab1-9cf0-d447654c6de9)	Malware	1
Kobalos - S0641 (9abdda30-08e0-4ab1-9cf0-d447654c6de9)	Malware	Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	1
Kobalos - S0641 (9abdda30-08e0-4ab1-9cf0-d447654c6de9)	Malware	Traffic Signaling - T1205 (451a9977-d255-43c9-b431-66de80130c8c)	Attack Pattern	1
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	Kobalos - S0641 (9abdda30-08e0-4ab1-9cf0-d447654c6de9)	Malware	1
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Kobalos - S0641 (9abdda30-08e0-4ab1-9cf0-d447654c6de9)	Malware	1
Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a)	Attack Pattern	Kobalos - S0641 (9abdda30-08e0-4ab1-9cf0-d447654c6de9)	Malware	1
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	2
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	2
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	2
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	2
Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	2