{ "type": "MD5", "indicator": "b1bcfbc60ec00a9e26e351b13918e330", "general": { "sections": [ "general", "analysis" ], "type": "md5", "type_title": "FileHash-MD5", "indicator": "b1bcfbc60ec00a9e26e351b13918e330", "validation": [], "base_indicator": { "id": 4200766328, "indicator": "b1bcfbc60ec00a9e26e351b13918e330", "type": "FileHash-MD5", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "699b360c59ae7e14d70bb327", "name": "Actividad maliciosa relacionada con ATM jackpotting - 22/02/2026", "description": "Acceso f\u00edsico no autorizado a cajeros autom\u00e1ticos\nEjecuci\u00f3n de malware directamente en el sistema del ATM\nInteracci\u00f3n con el middleware XFS del dispensador\nEnv\u00edo de comandos para liberar efectivo sin autorizaci\u00f3n\nOperaci\u00f3n offline sin necesidad de conexi\u00f3n a red bancaria\nEvasi\u00f3n de controles de monitoreo tradicionales\nDispensa r\u00e1pida y masiva de dinero en efectivo", "modified": "2026-02-22T16:59:56.851000", "created": "2026-02-22T16:59:56.851000", "tags": [], "references": [ "https://techcrunch.com/2026/02/19/fbi-says-atm-jackpotting-attacks-are-on-the-rise-and-netting-hackers-millions-in-stolen-cash/?utm_source=substack&utm_medium=email" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "melted_ocampo", "id": "346085", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 250, "FileHash-SHA1": 215, "FileHash-SHA256": 215 }, "indicator_count": 680, "is_author": false, "is_subscribing": null, "subscriber_count": 37, "modified_text": "97 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 }, { "id": "698a0d47ef576aa600f84909", "name": "Se reporta nueva actividad por parte de Wannacry 09/02/2026", "description": "WannaCry es un ransomware altamente destructivo que se propag\u00f3 a trav\u00e9s de una vulnerabilidad en el sistema operativo Windows, espec\u00edficamente en el protocolo SMB (Server Message Block). Se aprovech\u00f3 de una falla cr\u00edtica conocida como EternalBlue, la cual hab\u00eda sido filtrada por el grupo de hackers Shadow Brokers. Este ataque afect\u00f3 a cientos de miles de computadoras en todo el mundo, cifrando archivos y pidiendo un rescate en Bitcoin a cambio de la clave de descifrado.", "modified": "2026-02-09T16:37:27.145000", "created": "2026-02-09T16:37:27.145000", "tags": [ "tcticas", "ta0001 initial", "access", "ta0008 lateral", "movement", "ta0040 impact", "t1053", "taskjob", "t1486 data", "encrypted", "impact" ], "references": [ "http://darfe.es/ciberwiki/index.php?title=WannaCry" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1490", "name": "Inhibit System Recovery", "display_name": "T1490 - Inhibit System Recovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1570", "name": "Lateral Tool Transfer", "display_name": "T1570 - Lateral Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "eduarvivas", "id": "372481", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 160, "FileHash-SHA1": 159, "FileHash-SHA256": 159 }, "indicator_count": 478, "is_author": false, "is_subscribing": null, "subscriber_count": 18, "modified_text": "110 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 } ], "references": [ "http://darfe.es/ciberwiki/index.php?title=WannaCry", "https://techcrunch.com/2026/02/19/fbi-says-atm-jackpotting-attacks-are-on-the-rise-and-netting-hackers-millions-in-stolen-cash/?utm_source=substack&utm_medium=email" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "699b360c59ae7e14d70bb327", "name": "Actividad maliciosa relacionada con ATM jackpotting - 22/02/2026", "description": "Acceso f\u00edsico no autorizado a cajeros autom\u00e1ticos\nEjecuci\u00f3n de malware directamente en el sistema del ATM\nInteracci\u00f3n con el middleware XFS del dispensador\nEnv\u00edo de comandos para liberar efectivo sin autorizaci\u00f3n\nOperaci\u00f3n offline sin necesidad de conexi\u00f3n a red bancaria\nEvasi\u00f3n de controles de monitoreo tradicionales\nDispensa r\u00e1pida y masiva de dinero en efectivo", "modified": "2026-02-22T16:59:56.851000", "created": "2026-02-22T16:59:56.851000", "tags": [], "references": [ "https://techcrunch.com/2026/02/19/fbi-says-atm-jackpotting-attacks-are-on-the-rise-and-netting-hackers-millions-in-stolen-cash/?utm_source=substack&utm_medium=email" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "melted_ocampo", "id": "346085", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 250, "FileHash-SHA1": 215, "FileHash-SHA256": 215 }, "indicator_count": 680, "is_author": false, "is_subscribing": null, "subscriber_count": 37, "modified_text": "97 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 }, { "id": "698a0d47ef576aa600f84909", "name": "Se reporta nueva actividad por parte de Wannacry 09/02/2026", "description": "WannaCry es un ransomware altamente destructivo que se propag\u00f3 a trav\u00e9s de una vulnerabilidad en el sistema operativo Windows, espec\u00edficamente en el protocolo SMB (Server Message Block). Se aprovech\u00f3 de una falla cr\u00edtica conocida como EternalBlue, la cual hab\u00eda sido filtrada por el grupo de hackers Shadow Brokers. Este ataque afect\u00f3 a cientos de miles de computadoras en todo el mundo, cifrando archivos y pidiendo un rescate en Bitcoin a cambio de la clave de descifrado.", "modified": "2026-02-09T16:37:27.145000", "created": "2026-02-09T16:37:27.145000", "tags": [ "tcticas", "ta0001 initial", "access", "ta0008 lateral", "movement", "ta0040 impact", "t1053", "taskjob", "t1486 data", "encrypted", "impact" ], "references": [ "http://darfe.es/ciberwiki/index.php?title=WannaCry" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1490", "name": "Inhibit System Recovery", "display_name": "T1490 - Inhibit System Recovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1570", "name": "Lateral Tool Transfer", "display_name": "T1570 - Lateral Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "eduarvivas", "id": "372481", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 160, "FileHash-SHA1": 159, "FileHash-SHA256": 159 }, "indicator_count": 478, "is_author": false, "is_subscribing": null, "subscriber_count": 18, "modified_text": "110 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "b1bcfbc60ec00a9e26e351b13918e330", "type": "Hash" }, "abuseipdb": null, "urlhaus": { "indicator": "b1bcfbc60ec00a9e26e351b13918e330", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780238093.0210032 }