Disclosure of Chilean Redbanc Intrusion Leads to Lazarus Ties

2019-01-15 Flashpoint-intel

https://www.flashpoint-intel.com/blog/disclosure-chilean-redbanc-intrusion-lazarus-ties/


Flashpoint tied the December 2018 intrusion at Chilean interbank network Redbanc to PowerRatankba, a Lazarus-linked reconnaissance and downloader toolkit. The reported initial vector was social engineering rather than an exploit: a fake job offer and a Spanish-language Skype interview persuaded a Redbanc IT employee to run a .NET dropper presented as job-application software on a corporate machine. The dropper contacted ecombox[.]store, wrote C:\users\public\REG_TIME.ps1, executed it, and launched PowerRatankba, which collected host, user, process, proxy, file-share, SMB, and RDP data through WMI and registry queries. The most directly huntable artifacts in that chain are the PowerShell script dropped under C:\users\public and the outbound contact with the reported domains. Redbanc said the malware was installed on its corporate network but was mitigated without impact to operations, services, or infrastructure.

Indicators of Compromise

Type     Value                              First Seen   Last Seen
DOMAIN   ecombox.store                      2019-01-15   2020-09-16
URL      https://ecombox.store/tbl_add.p…   2019-01-15   2019-01-15
URL      https://bodyshoppechiropractic.…   2019-01-15   2019-01-15
DOMAIN   bodyshoppechiropractic.com         2019-01-15   2019-01-15
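The following hunting script is an added example, not Flashpoint's or Redbanc's code, that turns the execution chain summarised above and the indicator table into three checks over endpoint telemetry: a .ps1 written under C:\users\public, powershell.exe launched with a script from that directory or from an unexpected parent process, and DNS queries for the two reported domains. The event records are constructed to resemble Sysmon fields (EventID 1 process creation with Image/ParentImage/CommandLine, EventID 11 file creation with TargetFilename, EventID 22 DNS query with QueryName); the dropper name ApplicationForm.exe, the PowerShell command-line switches, hostnames and timestamps are assumptions, as the page does not give them. Only the domains from the table are used, because the two URLs are truncated on the page.

```python
"""Hunt for the Redbanc/PowerRatankba execution chain in endpoint telemetry.

Added example; not code from the Flashpoint report or from Redbanc.
Events are constructed to look like Sysmon records; field names follow
Sysmon, everything else (binary name, PIDs, command-line flags) is assumed.
"""
import re
from typing import Dict, List

# Network indicators taken from the report's IoC table (domains only).
IOC_DOMAINS = {"ecombox.store", "bodyshoppechiropractic.com"}

PUBLIC_DIR = re.compile(r"^c:\\users\\public\\", re.IGNORECASE)
PS1_IN_PUBLIC = re.compile(r"c:\\users\\public\\[^\s\"']+\.ps1", re.IGNORECASE)

# Parents that commonly spawn PowerShell in ordinary use; a user-launched
# .NET "job application" binary is not one of them.
EXPECTED_PS_PARENTS = {"explorer.exe", "cmd.exe", "windowsterminal.exe",
                       "services.exe", "svchost.exe"}


def rules_for(ev: Dict) -> List[str]:
    """Names of every rule a single event matches (empty if benign)."""
    hits = []
    eid = ev.get("EventID")
    if eid == 11:
        target = ev.get("TargetFilename", "")
        if PUBLIC_DIR.match(target) and target.lower().endswith(".ps1"):
            hits.append("ps1_written_to_users_public")
    elif eid == 1 and ev.get("Image", "").lower().endswith("\\powershell.exe"):
        if PS1_IN_PUBLIC.search(ev.get("CommandLine", "")):
            hits.append("powershell_runs_script_from_users_public")
        parent = ev.get("ParentImage", "").rsplit("\\", 1)[-1].lower()
        if parent not in EXPECTED_PS_PARENTS:
            hits.append("powershell_unusual_parent")
    elif eid == 22 and ev.get("QueryName", "").lower() in IOC_DOMAINS:
        hits.append("dns_query_to_reported_domain")
    return hits


def hunt(events: List[Dict]) -> List[Dict]:
    """Return one finding per matching event, preserving event order."""
    return [{"rules": rules_for(ev), "event": ev}
            for ev in events if rules_for(ev)]


# Constructed sample telemetry, modelled on the chain described in the report.
PS_EXE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
DROPPER = r"C:\Users\jdoe\Downloads\ApplicationForm.exe"   # assumed name
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": DROPPER, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": DROPPER},
    {"EventID": 11, "Image": DROPPER,
     "TargetFilename": r"C:\users\public\REG_TIME.ps1"},
    {"EventID": 1, "Image": PS_EXE, "ParentImage": DROPPER,
     "CommandLine": "powershell.exe -ExecutionPolicy Bypass "
                    r"-File C:\users\public\REG_TIME.ps1"},
    {"EventID": 22, "Image": PS_EXE, "QueryName": "ecombox.store"},
    {"EventID": 1, "Image": PS_EXE, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell.exe -NoProfile"},
    {"EventID": 22, "Image": PS_EXE, "QueryName": "update.example.com"},
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(", ".join(f["rules"]), "<-", f["event"].get("EventID"),
              f["event"].get("TargetFilename") or f["event"].get("CommandLine")
              or f["event"].get("QueryName"))
```

Run against the constructed events, the script flags the script write, the PowerShell launch (on both the script path and the unexpected parent), and the DNS query for ecombox.store, while the explorer-spawned PowerShell and the unrelated DNS query pass. The parent-process rule is the noisiest of the three in a real fleet and needs its allow-list tuned per environment; the C:\users\public path and the domain matches are specific to this campaign and are the checks to run first.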
