Attck link + typo on TA551

2024-11-26 08:47:18 +00:00 · 2022-06-10 18:40:16 -04:00 · 2022-06-10 18:40:16 -04:00 · 51f98f4706
commit 51f98f4706
parent f97fee7135
1 changed files with 3 additions and 2 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -8788,13 +8788,14 @@
      "description": "GOLD CABIN is a financially motivated cybercriminal threat group operating a malware distribution service on behalf of numerous customers since 2018. GOLD CABIN uses malicious documents, often contained in password-protected archives, delivered through email to download and execute payloads. The second-stage payloads are most frequently Gozi ISFB (Ursnif) or IcedID (Bokbot), sometimes using intermediary malware like Valak. GOLD CABIN infrastructure relies on artificial appearing and frequently changing URLs created with a domain generation algorithm (DGA). The URLs host a PHP object that returns the malware as a DLL file.",
      "meta": {
        "refs": [
-          "https://www.secureworks.com/research/threat-profiles/gold-cabin"
+          "https://www.secureworks.com/research/threat-profiles/gold-cabin",
          "https://attack.mitre.org/groups/G0127/"
        ],
        "synonyms": [
          "Shakthak",
          "TA551",
          "ATK236",
-          "G01271"
+          "G0127"
        ]
      },
      "uuid": "36e8c848-4d20-47ea-9fc2-31aa17bf82d1",