PowerRatankba

Description

(Proofpoint) a PowerShell-based malware variant that closely resembles the original Ratankba implant. We believe that PowerRatankba was likely developed as a replacement in Lazarus Group’s strictly financially motivated team’s arsenal to fill the hole left by Ratankba’s discovery and very public documentation earlier this year.

Names

Name
PowerRatankba
QUICKRIDE.POWER

Type

Backdoor
Info stealer

Information

https://www.proofpoint.com/sites/default/files/pfpt-us-wp-north-korea-bitten-by-bitcoin-bug.pdf
https://www.riskiq.com/blog/labs/lazarus-group-cryptocurrency/
https://blog.trendmicro.com/trendlabs-security-intelligence/lazarus-campaign-targeting-cryptocurrencies-reveals-remote-controller-tool-evolved-ratankba/
https://www.flashpoint-intel.com/blog/disclosure-chilean-redbanc-intrusion-lazarus-ties/
https://www.proofpoint.com/sites/default/files/pfpt-us-wp-north-korea-bitten-by-bitcoin-bug.pdf

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.power_ratankba

Alienvault Otx

https://otx.alienvault.com/browse/pulses?q=tag:PowerRatankba

Other Information

Uuid

4c51ff35-46ff-4228-aed7-7a174600e283

Last Card Change

2020-05-14

Threat Intelligence Garden

Explorer

PowerRatankba

PowerRatankba

Description

Names

Category

Type

Information

Malpedia

Alienvault Otx

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks