{"description": "Enterprise techniques used by Water Curupira Pikabot Distribution, ATT&CK campaign C0037 (v1.0)", "name": "Water Curupira Pikabot Distribution (C0037)", "domain": "enterprise-attack", "versions": {"layer": "4.5", "attack": "17", "navigator": "5.1.0"}, "techniques": [{"techniqueID": "T1059", "showSubtechniques": true}, {"techniqueID": "T1059.003", "comment": "[Water Curupira Pikabot Distribution](https://attack.mitre.org/campaigns/C0037) installation via JavaScript will launch follow-on commands via cmd.exe.(Citation: TrendMicro Pikabot 2024)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1059.007", "comment": "[Water Curupira Pikabot Distribution](https://attack.mitre.org/campaigns/C0037) initial delivery included obfuscated JavaScript objects stored in password-protected ZIP archives.(Citation: TrendMicro Pikabot 2024)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1140", "comment": "[Water Curupira Pikabot Distribution](https://attack.mitre.org/campaigns/C0037) used highly obfuscated JavaScript files as one initial installer for [Pikabot](https://attack.mitre.org/software/S1145).(Citation: TrendMicro Pikabot 2024)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1589", "showSubtechniques": true}, {"techniqueID": "T1589.002", "comment": "[Water Curupira Pikabot Distribution](https://attack.mitre.org/campaigns/C0037) utilizes thread spoofing of existing email threads in order to execute spear phishing operations.(Citation: TrendMicro Pikabot 2024)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1105", "comment": "[Water Curupira Pikabot Distribution](https://attack.mitre.org/campaigns/C0037) used Curl.exe to download the [Pikabot](https://attack.mitre.org/software/S1145) payload from an external server, saving the file to the victim machine's temporary directory.(Citation: TrendMicro Pikabot 2024)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1566", "showSubtechniques": true}, {"techniqueID": "T1566.001", "comment": "[Water Curupira Pikabot Distribution](https://attack.mitre.org/campaigns/C0037) attached password-protected ZIP archives to deliver [Pikabot](https://attack.mitre.org/software/S1145) installers.(Citation: TrendMicro Pikabot 2024)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1218", "showSubtechniques": true}, {"techniqueID": "T1218.011", "comment": "[Water Curupira Pikabot Distribution](https://attack.mitre.org/campaigns/C0037) utilizes rundll32.exe to execute the final [Pikabot](https://attack.mitre.org/software/S1145) payload, using the named exports `Crash` or `Limit` depending on the variant.(Citation: TrendMicro Pikabot 2024)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1204", "comment": "[Water Curupira Pikabot Distribution](https://attack.mitre.org/campaigns/C0037) requires users to interact with malicious attachments in order to start [Pikabot](https://attack.mitre.org/software/S1145) installation.(Citation: TrendMicro Pikabot 2024)", "score": 1, "showSubtechniques": true}, {"techniqueID": "T1204.001", "comment": "[Water Curupira Pikabot Distribution](https://attack.mitre.org/campaigns/C0037) distributed a PDF attachment containing a malicious link to a [Pikabot](https://attack.mitre.org/software/S1145) installer.(Citation: TrendMicro Pikabot 2024)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1204.002", "comment": "[Water Curupira Pikabot Distribution](https://attack.mitre.org/campaigns/C0037) delivered [Pikabot](https://attack.mitre.org/software/S1145) installers as password-protected ZIP files containing heavily obfuscated JavaScript, or IMG files containing an LNK mimicking a Word document and a malicious DLL.(Citation: TrendMicro Pikabot 2024)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by Water Curupira Pikabot Distribution", "color": "#66b1ff"}]}