COBALT MIRAGE APT Group Leverages Drokbk Malware

December 18, 2022

An intrusion carried out by the COBALT MIRAGE threat group leveraged the multi-functional Drokbk malware for persistence and to execute additional commands received from the command-and-control server. The actor took advantage of two Log4j vulnerabilities in a VMware Horizon server for initial access. To determine its C2 server, the malware used the dead drop resolver technique and legitimate Internet services.

Featured Resources

E-book

Optimize Your Cyber Defenses with Exposure Validation

CTEM guidance built around exposure validation to surface real exposures, strengthen existing controls, and reduce uncertainty

Learn More

blog

AI and ML for SIEM: The New Standard in SOC Defense

Traditional SIEM systems, while foundational to enterprise security operations, can reach a limit in increasingly-complex environments. As organizations face more

blog

EscapeRoute: Breaking the Scope of Anthropic’s Filesystem MCP Server
(CVE-2025-53109 & CVE-2025-53110)

EXECUTIVE SUMMARY The Cymulate Research Labs is committed to advancing cybersecurity by scrutinizing emerging technologies and exposing hidden risks. Our

COBALT MIRAGE APT Group Leverages Drokbk Malware

Featured Resources

Optimize Your Cyber Defenses with Exposure Validation

AI and ML for SIEM: The New Standard in SOC Defense

EscapeRoute: Breaking the Scope of Anthropic’s Filesystem MCP Server(CVE-2025-53109 & CVE-2025-53110)

EscapeRoute: Breaking the Scope of Anthropic’s Filesystem MCP Server
(CVE-2025-53109 & CVE-2025-53110)