Kobalos
MITRE
Malware Type: Other
First seen: Unknown
Last seen: Unknown
Details:
[Kobalos](https://attack.mitre.org/software/S0641) is a multi-platform backdoor that can be used against Linux, FreeBSD, and Solaris. [Kobalos](https://attack.mitre.org/software/S0641) has been deployed against high-profile targets, including high-performance computers, academic servers, an endpoint security vendor, and a large internet service provider; it has been found in Europe, North America, and Asia. [Kobalos](https://attack.mitre.org/software/S0641) was first identified in late 2019. (Citation: ESET Kobalos Feb 2021) (Citation: ESET Kobalos Jan 2021)
Associated Techniques (15)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1016 | System Network Configuration Discovery | - |
| T1027 | Obfuscated Files or Information | - |
| T1048 | Exfiltration Over Alternative Protocol | - |
| T1056 | Input Capture | - |
| T1059.004 | Unix Shell | - |
| T1070.003 | Clear Command History | - |
| T1070.006 | Timestomp | - |
| T1074 | Data Staged | - |
| T1082 | System Information Discovery | - |
| T1090.003 | Multi-hop Proxy | - |
| T1140 | Deobfuscate/Decode Files or Information | - |
| T1205 | Traffic Signaling | - |
| T1554 | Compromise Host Software Binary | - |
| T1573.001 | Symmetric Cryptography | - |
| T1573.002 | Asymmetric Cryptography | - |
Metadata
| Field | Value |
|---|---|
| ID | 441 |
| Created | 13/01/2026 17:48 |
| Updated | 06/03/2026 16:00 |