win.cobaltmirage_tunnel (Back to overview)

CobaltMirage FRP

This Go written malware was observed during campaign of COBALT MIRAGE; it includes FRP (Fast Reverse Proxy) published by fatedier on GitHub ( and other projects additionally.

2022-06-01Deep instinctSimon Kenin
Iranian Threat Actor Continues to Develop Mass Exploitation Tools
CobaltMirage FRP
2022-05-12SecureworksCounter Threat Unit ResearchTeam
COBALT MIRAGE Conducts Ransomware Operations in U.S.
CobaltMirage FRP APT35

There is no Yara-Signature yet.