mirror of https://github.com/MISP/misp-galaxy
Merge pull request #644 from danielplohmann/patch-7
adding Yanbian Gang as threat actorpull/646/head
commit
ac19fe2f6e
|
@ -8535,7 +8535,25 @@
|
||||||
},
|
},
|
||||||
"uuid": "749aaa11-f0fd-416b-bf6c-112f9b5930a5",
|
"uuid": "749aaa11-f0fd-416b-bf6c-112f9b5930a5",
|
||||||
"value": "Ghostwriter"
|
"value": "Ghostwriter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "RiskIQ characterizes the Yanbian Gang as a group that targeted South Korean Android mobile banking customers since 2013 with malicious Android apps purporting to be from major banks, namely Shinhan Savings Bank, Saemaul Geumgo, Shinhan Finance, KB Kookmin Bank, and NH Savings Bank.",
|
||||||
|
"meta": {
|
||||||
|
"cfr-suspected-victims": [
|
||||||
|
"South Korea",
|
||||||
|
"Japan"
|
||||||
|
],
|
||||||
|
"refs": [
|
||||||
|
"https://www.riskiq.com/blog/external-threat-management/yanbian-gang-malware-distribution/",
|
||||||
|
"https://www.trendmicro.com/en_us/research/18/k/a-look-into-the-connection-between-xloader-and-fakespy-and-their-possible-ties-with-the-yanbian-gang.html",
|
||||||
|
"https://www.trendmicro.com/en_us/research/18/d/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing.html",
|
||||||
|
"https://www.trendmicro.com/en_us/research/18/f/fakespy-android-information-stealing-malware-targets-japanese-and-korean-speaking-users.html",
|
||||||
|
"https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-malware-gang-steals-millions-from-south-korean-users/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "eaeae8e9-cc4b-4be8-82fd-8edc65ff9a5e",
|
||||||
|
"value": "Yanbian Gang"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 200
|
"version": 201
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue