Gotta Catch 'Em All: Detecting PikaBot Delivery Techniques
Blog post from Sublime Security
PikaBot is a sophisticated piece of malware, classified as a backdoor or loader, that was first observed in early 2023. It is designed for adaptability and modularity, which lets cybercriminals extend its capabilities easily. It spreads primarily through email phishing campaigns, exploiting known vulnerabilities such as CVE-2023-33151 and employing techniques like DLL Search Order Hijacking.

PikaBot uses several evasion tactics, including code injection, ADVobfuscator for string obfuscation, and geolocation awareness that halts execution in specific regions. Notably, it acts as a conduit for additional malicious payloads such as ransomware or infostealers. The malware is distributed via complex attack chains, often involving deceptive email attachments such as PDFs or Excel files that download and execute further malicious components.

Detection focuses on behavioral analysis of the phishing vectors and of the malware's distribution techniques, and Sublime's platform offers free tools to help the community protect against these threats.