Unknown POS

#RatankbaPOS • 2017-12

🇰🇷 Korea, Republic of

Proofpoint described RatankbaPOS as part of financially motivated Lazarus Group activity centered on cryptocurrency and POS-related malware operations. The reporting connected RatankbaPOS with PowerRatankba downloaders, multiple delivery formats including shortcut, CHM, Office macro, and backdoored PyInstaller payloads, and related second-stage tooling such as PowerRatankba.B and Gh0st RAT, with attribution supported by shared encryption, obfuscation, functionality, decoys, code overlap, and C2 characteristics.
