Pikabot was distributed in Pikabot Distribution February 2024 using malicious emails with embedded links leading to malicious ZIP archives requiring user interaction for follow-on infection. The version of Pikabot distributed featured significant changes over the 2023 variant, including reduced code complexity and simplified obfuscation mechanisms.[1][2]

Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1059.001 | Command and Scripting Interpreter: PowerShell | Pikabot Distribution February 2024 passed execution from obfuscated JavaScript files to PowerShell scripts to download and install Pikabot.[1] |
Enterprise | T1059.007 | Command and Scripting Interpreter: JavaScript | Pikabot Distribution February 2024 utilized obfuscated JavaScript files for initial Pikabot payload download.[1] |
Enterprise | T1574 | Hijack Execution Flow | Pikabot Distribution February 2024 utilized a tampered legitimate executable, |
Enterprise | T1566.002 | Phishing: Spearphishing Link | Pikabot Distribution February 2024 utilized emails with hyperlinks leading to malicious ZIP archive files containing scripts to download and install Pikabot.[1] |

ID | Name | Description |
---|---|---|
S1145 | Pikabot | Pikabot Distribution February 2024 distributed Pikabot for initial access purposes in February 2024.[1][2] |