Yanbian Gang (Threat Actor)

Yanbian Gang (Back to overview)

RiskIQ characterizes the Yanbian Gang as a group that targeted South Korean Android mobile banking customers since 2013 with malicious Android apps purporting to be from major banks, namely Shinhan Savings Bank, Saemaul Geumgo, Shinhan Finance, KB Kookmin Bank, and NH Savings Bank.

Associated Families

apk.funkybot apk.moqhao

References

2023-03-31 ⋅ Telekom ⋅ TR4xx
Moqhao masters new tricks
MoqHao

2023-03-16 ⋅ Team Cymru ⋅ S2 Research Team
MoqHao Part 3: Recent Global Targeting Trends
MoqHao

2023-01-19 ⋅ Kaspersky Labs ⋅ GReAT
Roaming Mantis implements new DNS changer in its malicious mobile app in 2022
MoqHao

2022-08-11 ⋅ xanhacks' infosec blog ⋅ xanhacks
MoqHao Android malware analysis and phishing campaign
MoqHao

2022-07-18 ⋅ Sekoia ⋅ Threat & Detection Research Team
Ongoing Roaming Mantis smishing campaign targeting France
MoqHao

2022-04-07 ⋅ Team Cymru ⋅ Josh Hopkins
MoqHao Part 2: Continued European Expansion
MoqHao

2021-08-11 ⋅ Team Cymru ⋅ Josh Hopkins
MoqHao Part 1.5: High-Level Trends of Recent Campaigns Targeting Japan
MoqHao

2021-05-18 ⋅ Medium (Cryptax) ⋅ Axelle Apvrille
A native packer for Android/MoqHao
MoqHao

2021-05-05 ⋅ Kashif Ali Surfeit and Blasé Security ⋅ Kashif Ali
Roaming Mantis Amplifies Smishing Campaign with OS-Specific Android Malware
MoqHao Roaming Mantis

2021-04-07 ⋅ RiskIQ ⋅ Team RiskIQ
Yanbian Gang Malware Continues with Wide-Scale Distribution and C2
Yanbian Gang

2021-01-20 ⋅ Team Cymru ⋅ Andy Kraus
MoqHao Part 1: Identifying Phishing Infrastructure
MoqHao

2020-06-25 ⋅ Medium CSIS Techblog ⋅ Aleksejs Kuprins
The RoamingMantis Group’s Expansion to European Apple Accounts and Android Devices
FakeSpy FunkyBot MoqHao

2020-02-27 ⋅ Kaspersky Labs ⋅ Suguru Ishimaru
Roaming Mantis, part V: Distributed in 2019 using SMiShing and enhanced anti-researcher techniques
FunkyBot MoqHao Roaming Mantis

2020-01-17 ⋅ Hiroaki Ogawa, Manabu Niseki
100 more behind cockroaches?
MoqHao Emotet Predator The Thief

2019-09-04 ⋅ Fortinet ⋅ Dario Durando
FunkyBot: A New Android Malware Family Targeting Japan
FunkyBot

2019-01-01 ⋅ Kaspersky Labs ⋅ Hiroaki Ogawa, Manabu Niseki, Suguru Ishimaru
Roaming Mantis: an Anatomy of a DNS Hijacking Campaign
MoqHao Roaming Mantis

2018-11-26 ⋅ Trend Micro ⋅ Ecular Xu, Lorin Wu
Examining XLoader, FakeSpy, and the Yanbian Gang
FakeSpy MoqHao Yanbian Gang

2018-11-26 ⋅ Trend Micro ⋅ Ecular Xu, Lorin Wu
A Look into the Connection Between XLoader and FakeSpy, and Their Possible Ties With the Yanbian Gang
FakeSpy MoqHao

2018-06-19 ⋅ Trend Micro ⋅ Ecular Xu
FakeSpy Targets Japanese and Korean-Speaking Users
FakeSpy Yanbian Gang

2018-04-20 ⋅ Trend Micro ⋅ Trend Micro
XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing
MoqHao Yanbian Gang

2015-02-12 ⋅ Trend Micro ⋅ Simon Huang
Mobile Malware Gang Steals Millions from South Korean Users
Yanbian Gang

Credits: MISP Project