load Diebold Nixdorf ATM library

rule:
  meta:
    name: load Diebold Nixdorf ATM library
    namespace: targeting/automated-teller-machine/diebold-nixdorf
    authors:
      - william.ballenthin@mandiant.com
    scopes:
      static: file
      dynamic: file
    references:
      - https://www.vkremez.com/2017/12/lets-learn-cutlet-atm-malware-internals.html
    examples:
      - 658b0502b53f718bd0611a638dfd5969
      - 8683c43f1e22363ce98f0a89ca4ed389
      - 953bc3e68f0a49c6ade30b52a2bfaaab
  features:
    - or:
      - import: cscwcng.dll
      - string: "CSCWCNG.dll"
      - import: cscwcng.CscCngStatusWrite
      - import: cscwcng.CscCngCasRefInit
      - import: cscwcng.CscCngEncryption
      - import: cscwcng.CscCngRecovery
      - import: cscwcng.CscCngService
      - import: cscwcng.CscCngOpen
      - import: cscwcng.CscCngReset
      - import: cscwcng.CscCngClose
      - import: cscwcng.CscCngDispense
      - import: cscwcng.CscCngTransport
      - import: cscwcng.CscCngStatusRead
      - import: cscwcng.CscCngInit
      - import: cscwcng.CscCngGetRelease
      - import: cscwcng.CscCngLock
      - import: cscwcng.CscCngUnlock
      - import: cscwcng.CscCngShutter
      - import: cscwcng.CscCngPowerOff
      - import: cscwcng.CscCngSelStatus
      - import: cscwcng.CscCngBim
      - import: cscwcng.CscCngConfigure
      - import: cscwcng.CscCngStatistics
      - import: cscwcng.CscCngControl
      - import: cscwcng.CscCngPsm
      - import: cscwcng.CscCngGetTrace
      - import: cscwcng.CscCngOptimization
      - import: cscwcng.CscCngSelftest
      - import: cscwcng.CscCngEco
      - string: "CscCngStatusWrite"
      - string: "CscCngCasRefInit"
      - string: "CscCngEncryption"
      - string: "CscCngRecovery"
      - string: "CscCngService"
      - string: "CscCngOpen"
      - string: "CscCngReset"
      - string: "CscCngClose"
      - string: "CscCngDispense"
      - string: "CscCngTransport"
      - string: "CscCngStatusRead"
      - string: "CscCngInit"
      - string: "CscCngGetRelease"
      - string: "CscCngLock"
      - string: "CscCngUnlock"
      - string: "CscCngShutter"
      - string: "CscCngPowerOff"
      - string: "CscCngSelStatus"
      - string: "CscCngBim"
      - string: "CscCngConfigure"
      - string: "CscCngStatistics"
      - string: "CscCngControl"
      - string: "CscCngPsm"
      - string: "CscCngGetTrace"
      - string: "CscCngOptimization"
      - string: "CscCngSelftest"
      - string: "CscCngEco"