mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-26 16:57:18 +00:00
adding Yanbian Gang as threat actor
This commit is contained in:
parent
04b4fd70db
commit
6eb594a6b0
1 changed files with 19 additions and 1 deletions
|
@ -8535,7 +8535,25 @@
|
|||
},
|
||||
"uuid": "749aaa11-f0fd-416b-bf6c-112f9b5930a5",
|
||||
"value": "Ghostwriter"
|
||||
},
|
||||
{
|
||||
"description": "RiskIQ characterizes the Yanbian Gang as a group that targeted South Korean Android mobile banking customers since 2013 with malicious Android apps purporting to be from major banks, namely Shinhan Savings Bank, Saemaul Geumgo, Shinhan Finance, KB Kookmin Bank, and NH Savings Bank.",
|
||||
"meta": {
|
||||
"cfr-suspected-victims": [
|
||||
"South Korea",
|
||||
"Japan"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.riskiq.com/blog/external-threat-management/yanbian-gang-malware-distribution/",
|
||||
"https://www.trendmicro.com/en_us/research/18/k/a-look-into-the-connection-between-xloader-and-fakespy-and-their-possible-ties-with-the-yanbian-gang.html",
|
||||
"https://www.trendmicro.com/en_us/research/18/d/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing.html",
|
||||
"https://www.trendmicro.com/en_us/research/18/f/fakespy-android-information-stealing-malware-targets-japanese-and-korean-speaking-users.html",
|
||||
"https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-malware-gang-steals-millions-from-south-korean-users/"
|
||||
]
|
||||
},
|
||||
"uuid": "eaeae8e9-cc4b-4be8-82fd-8edc65ff9a5e",
|
||||
"value": "Yanbian Gang"
|
||||
}
|
||||
],
|
||||
"version": 200
|
||||
"version": 201
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue