This resource is no longer available
TA551/Shathak is a sophisticated cybercrime actor targeting end users on a global scale.
The group has distributed different malware families over time, but has consistently used password-protected ZIP archives containing macro-enabled Office documents.
Starting summer 2020, the actor would use these documents to distribute IcedID, a highly capable trojan. It was originally aimed at extracting banking information, but it’s now highly versatile and gives its operators complete access to the victim machine.
Read this e-book for a technical deep dive and an analysis of this threat.