 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
Tool: Tyupkin| Names | Tyupkin Padpin | |
| Category | Malware | |
| Type | ATM malware | |
| Description | (Lastline) For today’s case study, we use a Tyupkin malware sample, a .Net application for bank automated teller machines (ATM) running on the Microsoft Windows operating system. Tyupkin’s aim is to steal cash by sending a specific command to the cash dispenser of the compromised ATM. During the analysis, our sandbox will trick the malware into believing that our analysis environment is an ATM itself. We will achieve this by submitting our sample bundled with a few specific DLLs that provide programmer’s interfaces to a Windows-based ATM, Extensions for Financial Services (XFS). | |
| Information | <https://www.lastline.com/labsblog/tyupkin-atm-malware/> <https://archive.f-secure.com/weblog/archives/00002751.html> <https://securelist.com/tyupkin-manipulating-atm-machines-with-malware/66988/> <https://www.atmmarketplace.com/articles/can-the-atm-industry-stop-tyupkin-in-its-tracks/> <https://documents.trendmicro.com/assets/white_papers/wp-cashing-in-on-atm-malware.pdf> | |
| Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.tyupkin> | |
| AlienVault OTX | <https://otx.alienvault.com/browse/pulses?q=tag:tyupkin> | |
Last change to this tool card: 25 May 2020
Download this tool card in JSON format
Previous: TYPEFRAME
Next: UDPoS
| Changed | Name | Country | Observed | ||
Unknown groups | |||||
| _[ Interesting malware not linked to an actor yet ]_ | |||||
1 group listed (0 APT, 0 other, 1 unknown)
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |