IOC Radar
SHA256 · High · Verified · Signal 100/100

cbb9c44d84b8043e1050ea31a69f514955d7bfd2e2c6b49301019ad61d9f5058

Location
Barbados
First Seen
Feb 25, 2024 (857d ago)
Last Seen
Mar 2, 2026 (121d ago)
5
Reports
source reports
99%
Confidence
high
Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

83 techniques

Feed Intelligence Summary

5 source reports · 99% confidence score
Category tags

Activity Timeline

1 total obs
Mar 2

Threat Activity Heatmap

· Peak: 2026-03-02
[Calendar heatmap: weekday rows Mon/Wed/Fri, monthly columns Jun through Jun of the following year, Less/More intensity scale; cell-level ticks omitted]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk
100
SIGNAL
Signal Score
99%
Confidence
5
Reports
First seen: Feb 25, 2024
Last seen: Mar 2, 2026
Verified IOC

VirusTotal

Not checked

WHOIS

description
Certificate, Version=3
references


IOC Journey

high
First detected 2 years ago · Last seen 4 months ago
Appeared in 5 threat reports