GOLD CABIN is a threat actor, also known as TA551, Monster Libra, ATK236. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does GOLD CABIN exploit?

Specific CVE exploitation data for GOLD CABIN is being tracked. Check the Strobes VI threat actor profile for updates.

GOLD CABIN

Also known as: TA551, Monster Libra, ATK236, Shakthak, G0127

Exploited CVEs

Overview

GOLD CABIN is a financially motivated cybercriminal threat group operating a malware distribution service on behalf of numerous customers since 2018. GOLD CABIN uses malicious documents, often contained in password-protected archives, delivered through email to download and execute payloads. The second-stage payloads are most frequently Gozi ISFB (Ursnif) or IcedID (Bokbot), sometimes using intermediary malware like Valak. GOLD CABIN infrastructure relies on artificial appearing and frequently changing URLs created with a domain generation algorithm (DGA). The URLs host a PHP object that returns the malware as a DLL file.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database

Quick Actions

GOLD CABIN

Ready for Agentic Automated Testing?

GOLD CABIN