| Names | TA551 (Proofpoint), Shathak (?) |
| Country | [Unknown] |
| Motivation | Financial gain |
| First seen | 2019 |
| Description | (Palo Alto) TA551 (also known as Shathak) is an email-based malware distribution campaign that often targets English-speaking victims. The campaign discussed in this blog has targeted German, Italian and Japanese speakers. TA551 has historically pushed different families of information-stealing malware like Ursnif and Valak. After mid-July 2020, this campaign has exclusively pushed IcedID malware, another information stealer. |
| Observed | |
| Tools used | BokBot, Gozi, Valak. |
| Information | <https://unit42.paloaltonetworks.com/ta551-shathak-icedid/> <https://unit42.paloaltonetworks.com/valak-evolution/> <https://github.com/pan-unit42/iocs/tree/master/TA551> |
Last change to this card: 20 January 2021
Thailand Computer Emergency Response Team (ThaiCERT)