Pikabot (fb1b0624-3290-5977-abbc-bc9609b51f8d)
Pikabot is a backdoor used for initial access and follow-on tool deployment active since early 2023. Pikabot is notable for extensive use of multiple encoding, encryption, and defense evasion mechanisms to evade defenses and avoid analysis. Pikabot has some overlaps with QakBot, but insufficient evidence exists to definitively link these two malware families. Pikabot is frequently used to deploy follow on tools such as Cobalt Strike or ransomware variants.[Zscaler Pikabot 2023][Elastic Pikabot 2024][Logpoint Pikabot 2024]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| TA577 (e1e72810-4661-54c7-b05e-859128fb327d) | Tidal Groups | Pikabot (fb1b0624-3290-5977-abbc-bc9609b51f8d) | Tidal Software | 1 |