Pikabot

Malware updated a month ago (2024-11-29T14:27:50.272Z)
Pikabot is a Windows loader and backdoor that several threat groups have used to gain initial access to victim systems and to stage further payloads. It came to prominence after the August 2023 law-enforcement disruption of Qakbot left that botnet's affiliates looking for a replacement. The Black Basta ransomware operation, which had relied on Qakbot for initial access, was observed using phishing and vishing to deliver DarkGate and Pikabot, and by January 2024 it had settled on Pikabot as its botnet tool of choice. A separate cluster tracked as Water Curupira likewise used Pikabot in campaigns that ended in Black Basta ransomware deployment.

Pikabot was also distributed by TA577, an initial access broker long known for spreading Qbot. In November 2023 TA577 briefly used the newer Latrodectus loader in three campaigns before switching back to Pikabot.

Beyond these groups, Pikabot appeared alongside other initial access malware families, including the IcedID information stealer and the Gozi backdoor. BlackBerry researchers separately reported increased use of PrivateLoader, RisePro, SmokeLoader, and Pikabot over the same period. Although Qakbot returned in limited form, it was largely supplanted by its would-be successors, Pikabot and DarkGate.

Between 27 and 29 May 2024, Operation Endgame, an international law-enforcement action coordinated by Europol, targeted dropper and loader botnets including Pikabot. Despite that disruption, Pikabot remains a significant concern: it provides initial access to infected hosts and has been used to enable ransomware deployment, remote takeover, and data theft.
Description last updated: 2024-11-28T11:51:21.794Z
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions differ between vendors, so the following profiles are listed as possibly overlapping with Pikabot. None of them is a true synonym for Pikabot: TA577 and Black Basta are threat actors that distribute or follow Pikabot, while IcedID, SmokeLoader, and Gozi are separate malware families that merely co-occur with it in reporting. Treat these as related entities to pivot on, not as alternate names.

IcedID (4 votes): IcedID is a malicious software (malware) that has been implicated in numerous cybercrime campaigns. It has been associated with other notable malware such as Qakbot, BazarLoader, CobaltStrike, Conti, Gozi, Trickbot, Quantum, Emotet, Pikabot, and SystemBC. Its distribution often involves the use of d…

TA577 (4 votes): TA577 is a threat actor, or malicious entity, known for its extensive use of QBot, a banking Trojan. In November 2023, Proofpoint's Threat Research Team identified TA577 as an initial access broker that began using Latrodectus, a new malware, in three separate intrusion campaigns. The group typicall…

Black Basta (3 votes): Black Basta is a notorious ransomware group that has emerged as a significant player in the ransomware space. The group has demonstrated an ability to adapt and evolve its tactics, making it a leading entity in the Russian-language ransomware domain. Initially, Black Basta was observed using a botnet…

SmokeLoader (2 votes): SmokeLoader is a malicious software (malware) that acts as a loader for other malware, injecting malicious code into the currently running explorer process and downloading additional payloads to the system. It has been used in conjunction with Phobos ransomware by threat actors who exploit its funct…

Gozi (2 votes): Gozi is a notorious malware that has been linked to numerous cyber attacks. It is typically delivered through sophisticated malvertising techniques, often used in conjunction with other initial access malware such as the Pikabot botnet agent and the IcedID information stealer. When an individual accesses a c…
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Loader
Payload
Ransomware
Trojan
Phishing
Malvertising
Spam
Botnet
Evasive
Windows
Exploit
Dropper
Associated Malware
Each entry gives the associated malware, the association type recorded in the dataset, and the vote count.

QakBot (association type: Unspecified; 9 votes): Qakbot is a type of malware, or malicious software, that infiltrates computer systems to exploit and damage them. This harmful program can infect devices through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt ope…

DarkGate (association type: Unspecified; 5 votes): DarkGate is a multifunctional malware that poses significant threats to computer systems and networks. It has been associated with various malicious activities such as information theft, credential stealing, cryptocurrency theft, and ransomware delivery. DarkGate infiltrates systems through suspicio…

Black Basta (association type: Unspecified; 3 votes): Black Basta is a notorious malware group known for its sophisticated ransomware attacks, which have targeted numerous high-profile entities. The group has demonstrated a remarkable ability to adapt their tactics, techniques, and procedures (TTPs), allowing them to effectively evade security defenses…

Qbot (association type: Unspecified; 3 votes): Qbot, also known as Qakbot or Pinkslipbot, is a sophisticated malware that initially emerged in 2007 as a banking trojan. It has since evolved into an advanced strain used by various cybercriminal groups to infiltrate networks and prepare them for ransomware attacks. The first known use of an ITG23…

Bumblebee (association type: Unspecified; 2 votes): Bumblebee is a type of malware that has been linked to ITG23, a cyber threat group. Over the past year, it has been used in conjunction with other initial access malwares such as Emotet, IcedID, Qakbot, and Gozi during ITG23 attacks. The same values for self-signed certificates seen in Bumblebee hav…

SystemBC (association type: Unspecified; 2 votes): SystemBC is a type of malware, or malicious software, known for its disruptive and exploitative nature. It infiltrates systems through dubious downloads, emails, or websites, often unbeknownst to the user. Once embedded, it can steal personal information, interrupt operations, or hold data hostage f…

Black Basta Ransomware (association type: Unspecified; 2 votes): The Black Basta ransomware is a malicious software developed by a Russia-linked group known for exploiting and damaging computer systems, often without the user's knowledge. The group has been involved in numerous high-profile cyberattacks, including those on American Alarm and Communications, a lead…