Water Curupira Pikabot Distribution C0037 unknown
aka Water Curupira Pikabot Distribution
Last updated: 2026-07-03
About this actor
[Pikabot](https://attack.mitre.org/software/S1145) was distributed via email attachments in [Water Curupira Pikabot Distribution](https://attack.mitre.org/campaigns/C0037) throughout 2023 by an entity linked to BlackBasta ransomware deployment. This activity followed the take-down of [QakBot](https://attack.mitre.org/software/S0650) and showed several technical overlaps and similarities with it, indicating a possible connection. The identified activity led to the deployment of tools such as [Cobalt Strike](https://attack.mitre.org/software/S0154), while coinciding with campaigns delivering [DarkGate](https://attack.mitre.org/software/S1111) and [IcedID](https://attack.mitre.org/software/S0483) en route to ransomware deployment. (Citation: TrendMicro Pikabot 2024)
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | | | | | |
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
| SI-4 | 11 / 14 | 79% |
| CA-7 | 10 / 14 | 71% |
| CM-2 | 10 / 14 | 71% |
| CM-6 | 10 / 14 | 71% |
| SI-3 | 10 / 14 | 71% |
| AC-4 | 7 / 14 | 50% |
| CM-7 | 7 / 14 | 50% |
| SC-7 | 7 / 14 | 50% |
| SI-10 | 7 / 14 | 50% |
| SI-7 | 7 / 14 | 50% |
| SC-44 | 5 / 14 | 36% |
| SI-2 | 5 / 14 | 36% |
| SI-8 | 5 / 14 | 36% |
| AC-2 | 4 / 14 | 29% |
| AC-3 | 4 / 14 | 29% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- TA551 0.42
- Nomadic Octopus 0.39
- Rancor 0.36
- Machete 0.35
- Molerats 0.34