adding Yanbian Gang as threat actor

This commit is contained in:
Daniel Plohmann 2021-04-16 15:12:45 +02:00 committed by GitHub
parent 04b4fd70db
commit 6eb594a6b0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -8535,7 +8535,25 @@
}, },
"uuid": "749aaa11-f0fd-416b-bf6c-112f9b5930a5", "uuid": "749aaa11-f0fd-416b-bf6c-112f9b5930a5",
"value": "Ghostwriter" "value": "Ghostwriter"
},
{
"description": "RiskIQ characterizes the Yanbian Gang as a group that targeted South Korean Android mobile banking customers since 2013 with malicious Android apps purporting to be from major banks, namely Shinhan Savings Bank, Saemaul Geumgo, Shinhan Finance, KB Kookmin Bank, and NH Savings Bank.",
"meta": {
"cfr-suspected-victims": [
"South Korea",
"Japan"
],
"refs": [
"https://www.riskiq.com/blog/external-threat-management/yanbian-gang-malware-distribution/",
"https://www.trendmicro.com/en_us/research/18/k/a-look-into-the-connection-between-xloader-and-fakespy-and-their-possible-ties-with-the-yanbian-gang.html",
"https://www.trendmicro.com/en_us/research/18/d/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing.html",
"https://www.trendmicro.com/en_us/research/18/f/fakespy-android-information-stealing-malware-targets-japanese-and-korean-speaking-users.html",
"https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-malware-gang-steals-millions-from-south-korean-users/"
]
},
"uuid": "eaeae8e9-cc4b-4be8-82fd-8edc65ff9a5e",
"value": "Yanbian Gang"
} }
], ],
"version": 200 "version": 201
} }