ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > TA551, Shathak

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Other threat group: TA551, Shathak

NamesTA551 (Proofpoint)
Gold Cabin (SecureWorks)
Shathak (?)
Country[Unknown]
MotivationFinancial gain
First seen2016
Description(Palo Alto) TA551 (also known as Shathak) is an email-based malware distribution campaign that often targets English-speaking victims. The campaign discussed in this blog has targeted German, Italian and Japanese speakers. TA551 has historically pushed different families of information-stealing malware like Ursnif and Valak. After mid-July 2020, this campaign has exclusively pushed IcedID malware, another information stealer.
Observed
Tools usedBokBot, Gozi, Sliver, Valak.
Operations performedOct 2021TA551 Uses ‘SLIVER’ Red Team Tool in New Activity
<https://www.proofpoint.com/us/blog/security-briefs/ta551-uses-sliver-red-team-tool-new-activity>
Information<https://unit42.paloaltonetworks.com/ta551-shathak-icedid/>
<https://unit42.paloaltonetworks.com/valak-evolution/>
<https://github.com/pan-unit42/iocs/tree/master/TA551>

Last change to this card: 03 November 2021

Download this actor card in PDF or JSON format

Previous: TA516
Next: TA554

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]