GOLD CABIN is a threat actor, also known as G0127, Shakthak, TA551. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does GOLD CABIN exploit?

Specific CVE exploitation data for GOLD CABIN is being tracked. Check the Strobes VI threat actor profile for updates.

GOLD CABIN

Also known as: G0127, Shakthak, TA551, Monster Libra, ATK236

Exploited CVEs

Overview

GOLD CABIN is a financially motivated cybercriminal threat group operating a malware distribution service on behalf of numerous customers since 2018. GOLD CABIN uses malicious documents, often contained in password-protected archives, delivered through email to download and execute payloads. The second-stage payloads are most frequently Gozi ISFB (Ursnif) or IcedID (Bokbot), sometimes using intermediary malware like Valak. GOLD CABIN infrastructure relies on artificial appearing and frequently changing URLs created with a domain generation algorithm (DGA). The URLs host a PHP object that returns the malware as a DLL file.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database