G0127

GOLD CABIN

Also known as: Shakthak · TA551 · ATK236 · G0127 · Monster Libra · GOLD CABIN

Profile

GOLD CABIN is a financially motivated cybercriminal threat group that has operated a malware distribution service on behalf of numerous customers since 2018. GOLD CABIN uses malicious documents, often contained in password-protected archives and delivered through email, to download and execute payloads. The second-stage payloads are most frequently Gozi ISFB (Ursnif) or IcedID (Bokbot), sometimes delivered through intermediary malware such as Valak. GOLD CABIN infrastructure relies on artificial-looking, frequently changing URLs created with a domain generation algorithm (DGA). The URLs host a PHP object that returns the malware as a DLL file.

MITRE ATT&CK Group crosswalk

G0127

References

  1. https://www.secureworks.com/research/threat-profiles/gold-cabin
  2. https://attack.mitre.org/groups/G0127/
  3. https://unit42.paloaltonetworks.com/atoms/monsterlibra/

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: GOLD GALLEON
Group: TA551
Actor: GoldFactory
Actor: GOLD FAIRFAX
Actor: GC02
Actor: GOLD GARDEN

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.