CobaltMirage FRP (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

win.cobaltmirage_tunnel (Back to overview)

CobaltMirage FRP

This Go written malware was observed during campaign of COBALT MIRAGE; it includes FRP (Fast Reverse Proxy) published by fatedier on GitHub (https://github.com/fatedier/frp) and other projects additionally.

References

2022-06-01 ⋅ Deep instinct ⋅ Simon Kenin
Iranian Threat Actor Continues to Develop Mass Exploitation Tools
CobaltMirage FRP

2022-05-12 ⋅ Secureworks ⋅ Counter Threat Unit ResearchTeam
COBALT MIRAGE Conducts Ransomware Operations in U.S.
CobaltMirage FRP APT35

There is no Yara-Signature yet.

CobaltMirage FRP Propose Change

References

CobaltMirage FRP