ATMTest is a multi-stage infection in 2018. It requires console access to the ATM, meaning the attackers have to gain remote access to the bank's networks.

The ATMSpitter family consists of command-line tools designed to control the cash dispenser of an ATM through function calls to either CSCWCNG.dll or MFSXFS.dll.

Campo is a spanish word meaning countryside, this word is referred in all URL this malware access, hence the name Campo. Campo loader is a simple and effective malware responsible for spreading other malware. It is known as the first stage payload for TrickBot, Gozi, and Zloader.

ATMRIPPER or simply RIPPER is an ATM Malware that is allegedly responsible for theft of 12 million Bhat from Thailand Government Savings Bank's NCR ATMs in 2016.

CRING ransomware encrypts business user and server data with AES-128 + RSA-8192 and then demands a ~ 2 BTC ransom to get the files back. After the malicious actors have established initial access, they drop a customized Mimikatz sample followed by CobaltStrike.