The ATMSpitter family consists of command-line tools designed to control the cash dispenser of an ATM through function calls to either CSCWCNG.dll or MSXFS.dll. Both libraries are legitimate Windows drivers used to interact with the components of different ATM models. The attack was carried out simultaneously on European and Taiwanese banks. European banks were attacked with an ATMSpitter application created with the standard MSXFS.dll library. For Taiwanese banks, the ATMSpitter authors used the standard CSCWCNG.dll library. Further investigation fully confirmed that the attack was carried out by the Cobalt group. At that time, the group was mainly interested in ATM control network segments, from which it started cashing out ATMs. A total of $2.18 million was reportedly lost because of this attack.