Other threat group: TA551, Shathak| Names | TA551 (Proofpoint) Shathak (?) | |
| Country | [Unknown] | |
| Motivation | Financial gain | |
| First seen | 2019 | |
| Description | (Palo Alto) TA551 (also known as Shathak) is an email-based malware distribution campaign that often targets English-speaking victims. The campaign discussed in this blog has targeted German, Italian and Japanese speakers. TA551 has historically pushed different families of information-stealing malware like Ursnif and Valak. After mid-July 2020, this campaign has exclusively pushed IcedID malware, another information stealer. | |
| Observed | ||
| Tools used | BokBot, Gozi, Valak. | |
| Information | <https://unit42.paloaltonetworks.com/ta551-shathak-icedid/> <https://unit42.paloaltonetworks.com/valak-evolution/> <https://github.com/pan-unit42/iocs/tree/master/TA551> | |
Last change to this card: 20 January 2021
|
Thailand Computer Emergency Response Team (ThaiCERT) Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1234 | |
 |
report@thaicert.or.th | |
 |
Download PGP key | |