diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 31d5217..bd5fb45 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -15906,11 +15906,6 @@
 "uuid": "35c968af-cee9-40bf-9d62-b8ba5d6dbc8f",
 "value": "FileFuck"
 },
- {
- "description": "ransomware",
- "uuid": "bf09fca0-30ad-4c2c-a3cd-5486382e8e2c",
- "value": "File-Locker"
- },
 {
 "description": "ransomware",
 "uuid": "39a197ff-be4b-45a7-bdc8-fc17af421d63",
@@ -15926,11 +15921,6 @@
 "uuid": "02c5bf92-23e8-404c-9fe9-5e50f587d0c4",
 "value": "FindZip"
 },
- {
- "description": "ransomware",
- "uuid": "ba21bae0-8af7-492d-84b7-e424b99b5d4a",
- "value": "First"
- },
 {
 "description": "ransomware",
 "uuid": "b9f1d220-2ef0-4b1d-84ed-ae6843e5828e",
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 8d15715..4fc9c70 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -8535,7 +8535,25 @@
 },
 "uuid": "749aaa11-f0fd-416b-bf6c-112f9b5930a5",
 "value": "Ghostwriter"
+ },
+ {
+ "description": "RiskIQ characterizes the Yanbian Gang as a group that targeted South Korean Android mobile banking customers since 2013 with malicious Android apps purporting to be from major banks, namely Shinhan Savings Bank, Saemaul Geumgo, Shinhan Finance, KB Kookmin Bank, and NH Savings Bank.",
+ "meta": {
+ "cfr-suspected-victims": [
+ "South Korea",
+ "Japan"
+ ],
+ "refs": [
+ "https://www.riskiq.com/blog/external-threat-management/yanbian-gang-malware-distribution/",
+ "https://www.trendmicro.com/en_us/research/18/k/a-look-into-the-connection-between-xloader-and-fakespy-and-their-possible-ties-with-the-yanbian-gang.html",
+ "https://www.trendmicro.com/en_us/research/18/d/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing.html",
+ "https://www.trendmicro.com/en_us/research/18/f/fakespy-android-information-stealing-malware-targets-japanese-and-korean-speaking-users.html",
+ "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-malware-gang-steals-millions-from-south-korean-users/"
+ ]
+ },
+ "uuid": "eaeae8e9-cc4b-4be8-82fd-8edc65ff9a5e",
+ "value": "Yanbian Gang"
 }
 ],
- "version": 200
+ "version": 201
 }
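Review bot: `cfr-suspected-victims` in the new Yanbian Gang entry lists "Japan", but the description only covers the RiskIQ account of South Korean banking customers, so a consumer of the cluster cannot tell where the Japanese victimology comes from. Judging by the reference URLs, it appears to rest on Trend Micro's XLoader/FakeSpy research, whose own title speaks only of "possible ties" to the group. I would state that in the description, for example by appending `Trend Micro reports possible ties between the group and the XLoader and FakeSpy Android malware; FakeSpy targets Japanese- and Korean-speaking users.`, so analysts can weigh that attribution accordingly. The fifth ref also uses the legacy `blog.trendmicro.com/trendlabs-security-intelligence/` path while the other Trend Micro refs use `www.trendmicro.com/en_us/research/`, so it is worth confirming it still resolves.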