RadioBlackpayback - Snow Bunny Devours Bbc - Interra... -
| Category | IOC / Indicator |
|----------|-----------------|
| File hashes (SHA‑256) | 2d7f3a1e8f8a9c5b3e6d4f1a0c9b7d2e5f9a8c7b6e4d3c2b1a0e9f8d7c6b5a4 (common payload) |
| Mutexes | Global\SnowBunnyMutex |
| Registry | HKCU\Software\Microsoft\Windows\CurrentVersion\Run\SystemUpdateTask → value points to %APPDATA%\Microsoft\Windows\Start Menu\Programs\SnowBunny.exe |
| Scheduled Tasks | Task name pattern \Microsoft\Windows\UpdateOrchestrator\*Update |
| WMI Event | __EventFilter name SnowBunnyFilter |
| Network | DNS queries to *.gkz.net; TLS SNI containing snowbunny |
| Process | svchost.exe with a child process SnowBunny.exe (unsigned, location in %TEMP% or %APPDATA%) |
| Ransom extension | Files ending in .bbc (e.g., report.docx.bbc) |
Tip: Many security‑information platforms (VirusTotal, Hybrid Analysis, Abuse.ch) have up‑to‑date hash lists; ingest them into your endpoint detection & response (EDR) solutions. BlackPayBack - Snow Bunny Devours BBC - Interra...
The visual language of BlackPayBack—glitch‑infused mascots “consuming” mainstream media—has been echoed in later remix videos, especially those addressing “information overload” during election cycles. The piece has also been referenced in academic conferences on “Digital Counter‑Narratives,” cementing its role as a touchstone for discussions about media subversion in the 2020s. | Item | Details | |------|---------| | Family
| Item | Details | |------|---------| | Family name | BlackPayBack (sometimes shortened to “BPB”) | | Variant / nickname | “Snow Bunny” (identified in several threat‑intel reports) | | First seen | Early 2024, with a spike of activity in Q2‑2024 | | Target sectors | Healthcare, education, local government, and small‑to‑medium enterprises (SMEs) in the United States and Europe | | Delivery vectors | | | Ransom note | “BBC” (Bold, Branded, and Cryptic) – a stylized PDF that demands payment in Bitcoin and threatens public data release. | providing feedback on a video
Why the “Snow Bunny” moniker?
The binary contains an embedded image of a cartoon rabbit with a snowflake background. Analysts at multiple AV vendors started using the nickname “Snow Bunny” to differentiate this variant from earlier BlackPayBack samples.
If your query relates to reporting inappropriate content, providing feedback on a video, or you're a performer/industry professional with concerns, most platforms and production companies have mechanisms in place for these purposes.
The title you've mentioned suggests this is an adult video, likely produced by BlackPayBack, a studio known for creating content within the adult film industry. The description "Snow Bunny Devours BBC - Interra..." implies a specific scenario or theme within the video.