Kobalos is a new malware that targets Linux, FreeBSD and Solaris high-performance systems. Its targets are carefully selected. Its infection vector is most probably a malicious Linux RPM or a package file. It replaces sshd with its own malicious file, and when the server is accessed via SSH it records the username and password in an encrypted file, which is later sent to its command-and-control servers. This gives the attacker remote access to the system, through which any arbitrary command can be executed. The malicious sshd file waits for connections that have a source port of 55201.
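A defender-side check for the two indicators this page gives, the source port 55201 trigger and the sample SHA256 values, as an added example that is not part of the original page. The `ss -tn` sample is constructed with documentation addresses, and the function names and the default SSH port 22 are assumptions.

```python
import hashlib

TRIGGER_SRC_PORT = 55201  # source port the page says the malicious sshd waits for

# SHA256 values listed on this page for the FreeBSD and Linux variants.
KNOWN_SHA256 = {
    "9ed33b43e679ad98615e1a4e8c46dbeb9b93271625e46f4b4d021099b4b6fb74",
    "73576d5a21ec2f164fe37bea86964e18dca1b800a8c7a104223cc35d74e7bd58",
}

# Constructed sample of `ss -tn` output (documentation addresses, not real hosts).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB  0      0      192.0.2.10:22        198.51.100.23:55201
ESTAB  0      0      192.0.2.10:22        198.51.100.40:41822
ESTAB  0      0      192.0.2.10:443       198.51.100.23:55201
ESTAB  0      0      [2001:db8::10]:22    [2001:db8::99]:55201
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)

def flag_trigger_connections(ss_output, ssh_ports=(22,)):
    """Return peers connected to a local SSH port from source port 55201."""
    hits = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[1].isdigit():
            continue  # header or malformed line
        try:
            (_, lport), (peer, pport) = split_endpoint(fields[3]), split_endpoint(fields[4])
        except ValueError:
            continue  # e.g. wildcard port '*'
        if lport in ssh_ports and pport == TRIGGER_SRC_PORT:
            hits.append(peer)
    return hits

def sha256_matches_page(path):
    """True if the file's SHA256 equals one of the hashes listed on this page."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest() in KNOWN_SHA256

if __name__ == "__main__":
    print(flag_trigger_connections(SAMPLE_SS))
```

Port 55201 lies inside the default Linux ephemeral port range, so a hit is a lead to investigate rather than proof of compromise, and the hash check only matches these two exact samples.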
Kobalos FreeBSD Variant Signatures
Family: UDS:DangerousObject.Multi.Generic
MD5: f54ba4ac2eeb5c12a513872acabecbc6
SHA256: 9ed33b43e679ad98615e1a4e8c46dbeb9b93271625e46f4b4d021099b4b6fb74
Kobalos Linux Variant Signatures
Family: UDS:DangerousObject.Multi.Generic
MD5: 2c693d26ba9df26edf77557c1a709528
SHA256: 73576d5a21ec2f164fe37bea86964e18dca1b800a8c7a104223cc35d74e7bd58