S0241 RATANKBA

Description

[RATANKBA](https://attack.mitre.org/software/S0241) is a remote controller tool used by [Lazarus Group](https://attack.mitre.org/groups/G0032). [RATANKBA](https://attack.mitre.org/software/S0241) has been used in attacks targeting financial institutions in Poland, Mexico, Uruguay, the United Kingdom, and Chile. It has also been used against organizations related to telecommunications, management consulting, information technology, insurance, aviation, and education. [RATANKBA](https://attack.mitre.org/software/S0241) has a graphical user interface that allows the attacker to issue jobs to be performed on the infected machines. (Citation: Lazarus RATANKBA) (Citation: RATANKBA)

Platforms · 1

Windows

Attributed to · 1

| Type | Target | Confidence | Tier |
|------|--------|------------|------|
| Group | Lazarus Group (g0032) | 100% | live |

References

  1. https://attack.mitre.org/software/S0241
  2. https://www.trendmicro.com/en_us/research/17/b/ratankba-watering-holes-against-enterprises.html
  3. https://blog.trendmicro.com/trendlabs-security-intelligence/lazarus-campaign-targeting-cryptocurrencies-reveals-remote-controller-tool-evolved-ratankba/

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  - Software: DRATzarus
  - Software: Bankshot
  - Software: Winnti for Windows
  - Software: ROKRAT
  - Software: FALLCHILL
  - Software: PowerRatankba

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.