win.cobaltmirage_tunnel

CobaltMirage FRP

This malware, written in Go, was observed during a COBALT MIRAGE campaign. It includes FRP (Fast Reverse Proxy), published by fatedier on GitHub, as well as other projects.

2022-05-12 | Secureworks | Counter Threat Unit ResearchTeam
COBALT MIRAGE Conducts Ransomware Operations in U.S.
@online{researchteam:20220512:cobalt:6d50163,
  author = {Counter Threat Unit ResearchTeam},
  title = {{COBALT MIRAGE Conducts Ransomware Operations in U.S.}},
  date = {2022-05-12},
  organization = {Secureworks},
  url = {},
  language = {English},
  urldate = {2022-05-13}
}

There is no Yara-Signature yet.