Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 14:31:43 UTC
 Tool: PowerRatankba
Names
PowerRatankba
QUICKRIDE.POWER
Category Malware
Type Backdoor, Info stealer
Description
(Proofpoint) a PowerShell-based malware variant that closely resembles the original
Ratankba implant. We believe that PowerRatankba was likely developed as a replacement
in Lazarus Group’s strictly financially motivated team’s arsenal to fill the hole left by
Ratankba’s discovery and very public documentation earlier this year.
Information
Malpedia AlienVault OTX Last change to this tool card: 14 May 2020
Download this tool card in JSON format
All groups using tool PowerRatankba
Changed Name Country Observed
APT groups
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=4c51ff35-46ff-4228-aed7-7a174600e283
Page 1 of 2

Lazarus Group, Hidden Cobra, Labyrinth Chollima 2007-May 2025
1 group listed (1 APT, 0 other, 0 unknown)
↑
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=4c51ff35-46ff-4228-aed7-7a174600e283
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=4c51ff35-46ff-4228-aed7-7a174600e283
Page 2 of 2