ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency

Threat Group Cards: A Threat Actor Encyclopedia

Other threat group: TA551, Shathak

Names:
  TA551 (Proofpoint)
  Gold Cabin (SecureWorks)
  Shathak (?)
  Monster Libra (Palo Alto)
Country: Russia
Motivation: Financial gain
First seen: 2016
Description: (Palo Alto) TA551 (also known as Shathak) is an email-based malware distribution campaign that often targets English-speaking victims. The campaign discussed in this blog has targeted German, Italian and Japanese speakers. TA551 has historically pushed different families of information-stealing malware like Ursnif and Valak. After mid-July 2020, this campaign has exclusively pushed IcedID malware, another information stealer.
Tools used: BokBot, Gozi, Sliver, Valak.
Operations performed:
  Oct 2021: TA551 Uses ‘SLIVER’ Red Team Tool in New Activity
  Jan 2021: From IcedID to Domain Compromise

Last change to this card: 10 March 2024
