ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > TA551, Shathak

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Other threat group: TA551, Shathak

NamesTA551 (Proofpoint)
Shathak (?)
Country[Unknown]
MotivationFinancial gain
First seen2019
Description(Palo Alto) TA551 (also known as Shathak) is an email-based malware distribution campaign that often targets English-speaking victims. The campaign discussed in this blog has targeted German, Italian and Japanese speakers. TA551 has historically pushed different families of information-stealing malware like Ursnif and Valak. After mid-July 2020, this campaign has exclusively pushed IcedID malware, another information stealer.
Observed
Tools usedBokBot, Gozi, Valak.
Information<https://unit42.paloaltonetworks.com/ta551-shathak-icedid/>
<https://unit42.paloaltonetworks.com/valak-evolution/>
<https://github.com/pan-unit42/iocs/tree/master/TA551>

Last change to this card: 20 January 2021

Download this actor card in PDF or JSON format

Previous: TA516
Next: TA554

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key