TA551
· Published 16/12/2025 19:39 · Modified 27/03/2026 01:14
· Source: The MITRE Corporation
Essential information
- Confidence: 100/100
- Published: 16/12/2025 19:39
- Modified: 27/03/2026 01:14
- Updated at: 27/03/2026 01:14
- Revoked: No
- Author / Source: The MITRE Corporation
- Resource level: —
- Primary motivation: —
- Related entities: 40 attack patterns (mitre), 5 malware, 15 indicators, 1 tool
Aliases
GOLD CABIN, Shathak
Description
[TA551](https://attack.mitre.org/groups/G0127) is a financially-motivated threat group that has been active since at least 2018. (Citation: Secureworks GOLD CABIN) The group has primarily targeted English, German, Italian, and Japanese speakers through email-based malware distribution campaigns. (Citation: Unit 42 TA551 Jan 2021)
Marking (TLP)
TLP:CLEAR
Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Attack patterns (MITRE) (40)
- T1552.001 Credentials In Files (uses)
- T1204.002 Malicious File (uses)
- T1003.001 LSASS Memory (uses)
- T1059.001 PowerShell (uses)
- T1218.010 Regsvr32 (uses)
- T1036 Masquerading (uses)
- T1069.002 Domain Groups (uses)
- T1087.001 Local Account (uses)
- T1614 System Location Discovery (uses)
- T1027.003 Steganography (uses)
- T1078 Valid Accounts (uses)
- T1027 Obfuscated Files or Information (uses)
- T1135 Network Share Discovery (uses)
- T1055 Process Injection (uses)
- T1570 Lateral Tool Transfer (uses)
- T1568.002 Domain Generation Algorithms (uses)
- T1069.001 Local Groups (uses)
- T1071.001 Web Protocols (uses)
- T1021.002 SMB/Windows Admin Shares (uses)
- T1566.001 Spearphishing Attachment (uses)
- T1018 Remote System Discovery (uses)
- T1021.001 Remote Desktop Protocol (uses)
- T1053.005 Scheduled Task (uses)
- T1132.001 Standard Encoding (uses)
- T1552.002 Credentials in Registry (uses)
- T1105 Ingress Tool Transfer (uses)
- T1059.003 Windows Command Shell (uses)
- T1482 Domain Trust Discovery (uses)
- T1016 System Network Configuration Discovery (uses)
- T1560 Archive Collected Data (uses)
- T1486 Data Encrypted for Impact (uses)
- T1218.011 Rundll32 (uses)
- T1518.001 Security Software Discovery (uses)
- T1589.002 Email Addresses (uses)
- Command Obfuscation (uses)
- T1218.005 Mshta (uses)
- T1082 System Information Discovery (uses)
- T1087.002 Domain Account (uses)
- T1036.005 Match Legitimate Resource Name or Location (uses)
- T1047 Windows Management Instrumentation (uses)
Malware (5)
Indicators (15)
Tool (1)
- Sliver (uses) · The MITRE Corporation · Confidence 100
[Sliver](https://attack.mitre.org/software/S0633) is an open source, cross-platform, red team command and control (C2) framework written in Golang. [Sliver](https://attack.mitre.org/software/S0633) includes its own package manager, "armory," for staging and downloading additional …
Published 30/07/2021 17:43 · Modified 27/03/2026 01:07