
COBALT MIRAGE APT Group Leverages Drokbk Malware

December 18, 2022

An intrusion carried out by the COBALT MIRAGE threat group leveraged the multi-functional Drokbk malware to maintain persistence and to execute additional commands received from the command-and-control (C2) server. The actor exploited two Log4j vulnerabilities in a VMware Horizon server for initial access. To determine its C2 server, the malware used the dead drop resolver technique and legitimate Internet services.