Water Curupira

Also known as: Water Curupira

With its emergence in 2022, Water Curupira has established itself as a persistent threat actor targeting organizations primarily in South America and Europe. Their modus operandi involves a combination of social engineering tactics and a diversified malware arsenal, including ransomware variants like Black Basta and credential stealers like Cobalt Strike. This multifaceted approach enables them to gain unauthorized access to victim systems, steal sensitive data, and ultimately extort victims through ransomware demands. It has been actively using Pikabot, a loader malware with similarities to Qakbot, in spam campaigns throughout 2023.

Introduction

With its emergence in 2022, Water Curupira has established itself as a persistent threat actor targeting organizations primarily in South America and Europe. Their modus operandi involves a combination of social engineering tactics and a diversified malware arsenal, including ransomware variants like Black Basta and credential stealers like Cobalt Strike. This multifaceted approach enables them to gain unauthorized access to victim systems, steal sensitive data, and ultimately extort victims through ransomware demands. It has been actively using Pikabot, a loader malware with similarities to Qakbot, in spam campaigns throughout 2023.

Activities and Tactics

Information pending cataloguing.

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • BlackEnergy
  • BLACKCOFFEE
  • Blackshades
  • BlackNix
  • BlackHole
  • Cobalt Strike

Attribution and Evidence

Information pending cataloguing.

References

References pending cataloguing.