TA551 (Shathak) continues pushing BazarLoader, infections lead to Cobalt Strike

released on 2021-08-11 @ 08:32:53 AM
TA551 (also known as Shathak) represents a threat actor behind malspam that has pushed different families of malware over the past few years. TA551 previously distributed Ursnif, Valak, and IcedID. TA551 stopped sending IcedID sometime in June 2021 and began pushing Trickbot. By July 2021, TA551 stopped sending Trickbot and began pushing BazarLoader (sometimes called BazaLoader). TA551 continues to push BazarLoader, and Cobalt Strike is often follow-up malware for these infections. Today's diary reviews a TA551 BazarLoader infection followed by Cobalt Strike on Tuesday 2021-08-10.