Cyber Resilience

Campaign · all campaigns

Water Curupira Pikabot DistributionC0037 unknown

aka Water Curupira Pikabot Distribution

Last updated: 2026-07-03

0attributed CVEs
14ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
years active

About this actor

[Pikabot](https://attack.mitre.org/software/S1145) was distributed in [Water Curupira Pikabot Distribution](https://attack.mitre.org/campaigns/C0037) throughout 2023 by an entity linked to BlackBasta ransomware deployment via email attachments. This activity followed the take-down of [QakBot](https://attack.mitre.org/software/S0650), with several technical overlaps and similarities with [QakBot](https://attack.mitre.org/software/S0650), indicating a possible connection. The identified activity led to the deployment of tools such as [Cobalt Strike](https://attack.mitre.org/software/S0154), while coinciding with campaigns delivering [DarkGate](https://attack.mitre.org/software/S1111) and [IcedID](https://attack.mitre.org/software/S0483) en route to ransomware deployment.(Citation: TrendMicro Pikabot 2024)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

CVERiskCVSSEPSSPublishedProducts
No attributed CVEs.

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-411 / 1479%
CA-710 / 1471%
CM-210 / 1471%
CM-610 / 1471%
SI-310 / 1471%
AC-47 / 1450%
CM-77 / 1450%
SC-77 / 1450%
SI-107 / 1450%
SI-77 / 1450%
SC-445 / 1436%
SI-25 / 1436%
SI-85 / 1436%
AC-24 / 1429%
AC-34 / 1429%

Co-occurring actors

None.

Similar actors

Similar TTPs