win.cobaltmirage_tunnel

CobaltMirage FRP


This malware, written in Go, was observed during a COBALT MIRAGE campaign; it includes FRP (Fast Reverse Proxy), published by fatedier on GitHub (https://github.com/fatedier/frp), along with other projects.

References
2022-06-01 | Deep Instinct | Simon Kenin
Iranian Threat Actor Continues to Develop Mass Exploitation Tools
CobaltMirage FRP

2022-05-12 | Secureworks | Counter Threat Unit Research Team
COBALT MIRAGE Conducts Ransomware Operations in U.S.
CobaltMirage FRP, APT35

There is no YARA signature yet.