
Pikabot (d2a226a2-ffa1-4bb0-a090-96dc42f9c84c)

Pikabot is malware, first observed in early 2023, that has downloader/dropper and backdoor functionality. Researchers observed Pikabot distribution increase following the disruption of the QakBot botnet by authorities in August 2023. Pikabot was originally distributed via spam email campaigns; starting in December 2023, researchers observed the threat actor TA577 (previously known for distributing payloads including QakBot, IcedID, SystemBC, and Cobalt Strike) distributing it. [Malwarebytes Pikabot December 15 2023]

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| TA577 (28f3dbcc-b248-442f-9ff3-234210bb2f2a) | Tidal Groups | Pikabot (d2a226a2-ffa1-4bb0-a090-96dc42f9c84c) | Tidal Software | 1 |