Merge https://github.com/MISP/misp-galaxy

2021-04-19 15:48:58 +02:00 · 2021-04-19 15:48:58 +02:00 · 0a05621f82
parent b138354fa5 28f6475cc5
commit 0a05621f82
2 changed files with 19 additions and 11 deletions
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@ -15906,11 +15906,6 @@
      "uuid": "35c968af-cee9-40bf-9d62-b8ba5d6dbc8f",
      "value": "FileFuck"
    },
-    {
-      "description": "ransomware",
-      "uuid": "bf09fca0-30ad-4c2c-a3cd-5486382e8e2c",
-      "value": "File-Locker"
-    },
    {
      "description": "ransomware",
      "uuid": "39a197ff-be4b-45a7-bdc8-fc17af421d63",
@ -15926,11 +15921,6 @@
      "uuid": "02c5bf92-23e8-404c-9fe9-5e50f587d0c4",
      "value": "FindZip"
    },
-    {
-      "description": "ransomware",
-      "uuid": "ba21bae0-8af7-492d-84b7-e424b99b5d4a",
-      "value": "First"
-    },
    {
      "description": "ransomware",
      "uuid": "b9f1d220-2ef0-4b1d-84ed-ae6843e5828e",
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -8535,7 +8535,25 @@
      },
      "uuid": "749aaa11-f0fd-416b-bf6c-112f9b5930a5",
      "value": "Ghostwriter"
+    },
+    {
+      "description": "RiskIQ characterizes the Yanbian Gang as a group that targeted South Korean Android mobile banking customers since 2013 with malicious Android apps purporting to be from major banks, namely Shinhan Savings Bank, Saemaul Geumgo, Shinhan Finance, KB Kookmin Bank, and NH Savings Bank.",
+      "meta": {
+        "cfr-suspected-victims": [
+          "South Korea",
+          "Japan"
+        ],
+        "refs": [
+          "https://www.riskiq.com/blog/external-threat-management/yanbian-gang-malware-distribution/",
+          "https://www.trendmicro.com/en_us/research/18/k/a-look-into-the-connection-between-xloader-and-fakespy-and-their-possible-ties-with-the-yanbian-gang.html",
+          "https://www.trendmicro.com/en_us/research/18/d/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing.html",
+          "https://www.trendmicro.com/en_us/research/18/f/fakespy-android-information-stealing-malware-targets-japanese-and-korean-speaking-users.html",
+          "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-malware-gang-steals-millions-from-south-korean-users/"
+        ]
+      },
+      "uuid": "eaeae8e9-cc4b-4be8-82fd-8edc65ff9a5e",
+      "value": "Yanbian Gang"
    }
  ],
-  "version": 200
+  "version": 201
 }