Names | Ratankba, Ratabanka, QUICKRIDE |
Category | Malware |
Type | Backdoor, Info stealer |
Description | (Trend Micro) During our analysis, we collected a copy of the RATANKBA malware’s Lazarus Remote Controller tool. The remote controller provides a user interface that allows attackers to send jobs to any compromised endpoint. The controller gives the attackers the ability to manipulate the victims’ host by queueing tasks on the main server. RATANKBA retrieves and executes the tasks, and retrieves the collected information. |
Information | <https://blog.trendmicro.com/trendlabs-security-intelligence/lazarus-campaign-targeting-cryptocurrencies-reveals-remote-controller-tool-evolved-ratankba/> |
MITRE ATT&CK | <https://attack.mitre.org/software/S0241/> |
Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.ratankba> |
AlienVault OTX | <https://otx.alienvault.com/browse/pulses?q=tag:ratankba> |
Last change to this tool card: 29 December 2022
Changed | Name | Country | Observed |
APT groups |
 | Lazarus Group, Hidden Cobra, Labyrinth Chollima | | 2007-Sep 2024 |
1 group listed (1 APT, 0 other, 0 unknown)