MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

Attck link + typo on TA551

pull/720/head
Thanat0s 2022-06-10 18:40:16 -04:00
parent f97fee7135
commit 51f98f4706
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
clusters/threat-actor.json
View File

@ -8788,13 +8788,14 @@
"description": "GOLD CABIN is a financially motivated cybercriminal threat group operating a malware distribution service on behalf of numerous customers since 2018. GOLD CABIN uses malicious documents, often contained in password-protected archives, delivered through email to download and execute payloads. The second-stage payloads are most frequently Gozi ISFB (Ursnif) or IcedID (Bokbot), sometimes using intermediary malware like Valak. GOLD CABIN infrastructure relies on artificial appearing and frequently changing URLs created with a domain generation algorithm (DGA). The URLs host a PHP object that returns the malware as a DLL file.",
"meta": {
"refs": [
"https://www.secureworks.com/research/threat-profiles/gold-cabin"
"https://www.secureworks.com/research/threat-profiles/gold-cabin",
"https://attack.mitre.org/groups/G0127/"
],
"synonyms": [
"Shakthak",
"TA551",
"ATK236",
"G01271"
"G0127"
]
},
"uuid": "36e8c848-4d20-47ea-9fc2-31aa17bf82d1",