APT / THREAT GROUP

Ratankba

3 aliases
Last seen: Mar 17, 2026

Intelligence Profile

This is a backdoor that establishes persistence using the Startup folder. It communicates to its C&C server using HTTPS and a static HTTP User-Agent string. QUICKRIDE is capable of gathering information about the system, downloading and loading executables, and uninstalling itself. It was leveraged against banks in Poland.

Threat Analysis

Ratankba is a threat actor of known sophistication and undetermined national origin, engaged in cyber operations; its primary motivation and activity patterns are unknown.

Quick Facts

Type: APT / Threat Group
Aliases: 3

Also Known As

win.ratankba, Ratankba, QUICKRIDE

External Intelligence

Malpedia: win.ratankba

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.