SHA256 · High · Verified · Signal 100/100
9a6ec012e1a7da9dbe34194d478ad7c0db1822fb071df12981496ed104384113
Location
First Seen
Feb 25, 2024
Last Seen
Mar 20, 2026
Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
5 source reports · 99% confidence score
Category tags
Activity Timeline
Threat Activity Heatmap (day-of-week grid) · Peak: 2026-03-20
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: 100 (High Risk)
Signal Score: 99% Confidence · 5 Reports
First seen: Feb 25, 2024
Last seen: Mar 20, 2026
Verified IOC
VirusTotal: Not checked
WHOIS
- description
- Files from a virus that has plagued my life for the past 7 months. Preboots BIOS and spreads via Bluetooth. Infected Best Buy's network, which they deny, causing me to call it The Best Buy Virus. Previously I referred to it everywhere as WhinySuckyBaby because of how childish the individual on the other side is.
IOC Journey
high · First detected 2 years ago · Last seen 2 months ago
Appeared in 5 threat reports