From 51f98f47068a94ba664822e8a32cbec678a8d9f0 Mon Sep 17 00:00:00 2001
From: Thanat0s
Date: Fri, 10 Jun 2022 18:40:16 -0400
Subject: [PATCH] Attck link + typo on TA551
---
 clusters/threat-actor.json | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index f6433bf..90e55e3 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -8788,13 +8788,14 @@
 "description": "GOLD CABIN is a financially motivated cybercriminal threat group operating a malware distribution service on behalf of numerous customers since 2018. GOLD CABIN uses malicious documents, often contained in password-protected archives, delivered through email to download and execute payloads. The second-stage payloads are most frequently Gozi ISFB (Ursnif) or IcedID (Bokbot), sometimes using intermediary malware like Valak. GOLD CABIN infrastructure relies on artificial appearing and frequently changing URLs created with a domain generation algorithm (DGA). The URLs host a PHP object that returns the malware as a DLL file.",
 "meta": {
 "refs": [
- "https://www.secureworks.com/research/threat-profiles/gold-cabin"
+ "https://www.secureworks.com/research/threat-profiles/gold-cabin",
+ "https://attack.mitre.org/groups/G0127/"
 ],
 "synonyms": [
 "Shakthak",
 "TA551",
 "ATK236",
- "G01271"
+ "G0127"
 ]
 },
 "uuid": "36e8c848-4d20-47ea-9fc2-31aa17bf82d1",