RatankbaPOS

Description

(Proofpoint) RatankbaPOS is deployed through a process injection dropper that is also capable of installing itself persistently, checking a C&C for either an update or a command to delete itself, dropping the RatankbaPOS implant to disk, and finally searching for the targeted POS process and module for injection and ultimately the theft of POS data.

Names

Name
RatankbaPOS
RatabankaPOS

Type

POS malware
Backdoor
Info stealer

Information

https://www.proofpoint.com/sites/default/files/pfpt-us-wp-north-korea-bitten-by-bitcoin-bug.pdf

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.ratankbapos

Other Information

Uuid

7e02c5a8-fe4e-4bdb-86c4-b5e47802a054

Last Card Change

2022-12-29

Threat Intelligence Garden

Explorer

RatankbaPOS

RatankbaPOS

Description

Names

Category

Type

Information

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks