
Yanbian Gang


RiskIQ characterizes the Yanbian Gang as a group that has targeted South Korean Android mobile banking customers since 2013, using malicious Android apps that purport to come from major banks, namely Shinhan Savings Bank, Saemaul Geumgo, Shinhan Finance, KB Kookmin Bank, and NH Savings Bank.


Associated Families
apk.funkybot apk.moqhao

References
2021-05-18 | Medium (Cryptax) | Axelle Apvrille
@online{apvrille:20210518:native:350d98f,
  author       = {Axelle Apvrille},
  title        = {{A native packer for Android/MoqHao}},
  date         = {2021-05-18},
  organization = {Medium (Cryptax)},
  url          = {https://cryptax.medium.com/a-native-packer-for-android-moqhao-6362a8412fe1},
  language     = {English},
  urldate      = {2021-05-19},
}
A native packer for Android/MoqHao
MoqHao
2021-05-05 | Kashif Ali Surfeit and Blasé Security | Kashif Ali
@online{ali:20210505:roaming:b3131fd,
  author       = {Kashif Ali},
  title        = {{Roaming Mantis Amplifies Smishing Campaign with OS-Specific Android Malware}},
  date         = {2021-05-05},
  organization = {Kashif Ali Surfeit and Blasé Security},
  url          = {https://www.kashifali.ca/2021/05/05/roaming-mantis-amplifies-smishing-campaign-with-os-specific-android-malware/},
  language     = {English},
  urldate      = {2021-05-08},
}
Roaming Mantis Amplifies Smishing Campaign with OS-Specific Android Malware
MoqHao Roaming Mantis
2021-04-07 | RiskIQ | Team RiskIQ
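% "Team RiskIQ" is a team byline, not a personal name. The extra pair of
% braces keeps it as one indivisible name, so a style cannot split it into
% given name "Team" and family name "RiskIQ" and print "RiskIQ, Team".
@online{riskiq:20210407:yanbian:43530e8,
  author       = {{Team RiskIQ}},
  title        = {{Yanbian Gang Malware Continues with Wide-Scale Distribution and C2}},
  date         = {2021-04-07},
  organization = {RiskIQ},
  url          = {https://www.riskiq.com/blog/external-threat-management/yanbian-gang-malware-distribution/},
  language     = {English},
  urldate      = {2021-04-19},
}
Yanbian Gang Malware Continues with Wide-Scale Distribution and C2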
Yanbian Gang
2020-06-25 | Medium CSIS Techblog | Aleksejs Kuprins
@online{kuprins:20200625:roamingmantis:256a9f9,
  author       = {Aleksejs Kuprins},
  title        = {{The RoamingMantis Group’s Expansion to European Apple Accounts and Android Devices}},
  date         = {2020-06-25},
  organization = {Medium CSIS Techblog},
  url          = {https://medium.com/csis-techblog/the-roamingmantis-groups-expansion-to-european-apple-accounts-and-android-devices-e6381723c681},
  language     = {English},
  urldate      = {2020-06-25},
}
The RoamingMantis Group’s Expansion to European Apple Accounts and Android Devices
FakeSpy FunkyBot MoqHao
2020-02-27 | Kaspersky Labs | Suguru Ishimaru
@online{ishimaru:20200227:roaming:3e14d12,
  author       = {Suguru Ishimaru},
  title        = {{Roaming Mantis, part V: Distributed in 2019 using SMiShing and enhanced anti-researcher techniques}},
  date         = {2020-02-27},
  organization = {Kaspersky Labs},
  url          = {https://securelist.com/roaming-mantis-part-v/96250/},
  language     = {English},
  urldate      = {2020-03-02},
}
Roaming Mantis, part V: Distributed in 2019 using SMiShing and enhanced anti-researcher techniques
FunkyBot MoqHao
2020-01-17 | Hiroaki Ogawa, Manabu Niseki
% NOTE(review): institution is empty, although a report entry is expected to
% name one. The PDF is served from jsac.jpcert.or.jp; confirm the publishing
% organisation against the source before filling the field in.
@techreport{ogawa:20200117:100:035a7dd,
  author      = {Hiroaki Ogawa and Manabu Niseki},
  title       = {{100 more behind cockroaches?}},
  date        = {2020-01-17},
  institution = {},
  url         = {https://jsac.jpcert.or.jp/archive/2020/pdf/JSAC2020_4_ogawa-niseki_en.pdf},
  language    = {English},
  urldate     = {2020-01-17},
}
100 more behind cockroaches?
MoqHao Emotet Predator The Thief
2019-09-04 | Fortinet | Dario Durando
@online{durando:20190904:funkybot:625b9ba,
  author       = {Dario Durando},
  title        = {{FunkyBot: A New Android Malware Family Targeting Japan}},
  date         = {2019-09-04},
  organization = {Fortinet},
  url          = {https://www.fortinet.com/blog/threat-research/funkybot-malware-targets-japan.html},
  language     = {English},
  urldate      = {2020-01-13},
}
FunkyBot: A New Android Malware Family Targeting Japan
FunkyBot
2019 | Kaspersky Labs | Suguru Ishimaru, Manabu Niseki, Hiroaki Ogawa
@techreport{ishimaru:2019:roaming:23097da,
  author      = {Suguru Ishimaru and Manabu Niseki and Hiroaki Ogawa},
  title       = {{Roaming Mantis: an Anatomy of a DNS Hijacking Campaign}},
  date        = {2019},
  institution = {Kaspersky Labs},
  url         = {https://hitcon.org/2019/CMT/slide-files/d2_s1_r1.pdf},
  language    = {English},
  urldate     = {2020-01-09},
}
Roaming Mantis: an Anatomy of a DNS Hijacking Campaign
MoqHao
2018-11-26 | Trend Micro | Lorin Wu, Ecular Xu
@online{wu:20181126:look:89e0f68,
  author       = {Lorin Wu and Ecular Xu},
  title        = {{A Look into the Connection Between XLoader and FakeSpy, and Their Possible Ties With the Yanbian Gang}},
  date         = {2018-11-26},
  organization = {Trend Micro},
  url          = {https://blog.trendmicro.com/trendlabs-security-intelligence/a-look-into-the-connection-between-xloader-and-fakespy-and-their-possible-ties-with-the-yanbian-gang/},
  language     = {English},
  urldate      = {2021-07-07},
}
A Look into the Connection Between XLoader and FakeSpy, and Their Possible Ties With the Yanbian Gang
FakeSpy MoqHao
2018-11-26 | Trend Micro | Lorin Wu, Ecular Xu
% NOTE(review): same authors, date and URL slug as entry
% wu:20181126:look:89e0f68, so this is presumably the same article at a
% second address. Confirm before citing both as independent sources.
@online{wu:20181126:examining:7a7ccc0,
  author       = {Lorin Wu and Ecular Xu},
  title        = {{Examining XLoader, FakeSpy, and the Yanbian Gang}},
  date         = {2018-11-26},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/18/k/a-look-into-the-connection-between-xloader-and-fakespy-and-their-possible-ties-with-the-yanbian-gang.html},
  language     = {English},
  urldate      = {2021-07-07},
}
Examining XLoader, FakeSpy, and the Yanbian Gang
FakeSpy MoqHao Yanbian Gang
2018-06-19 | Trend Micro | Ecular Xu
@online{xu:20180619:fakespy:cd211fc,
  author       = {Ecular Xu},
  title        = {{FakeSpy Targets Japanese and Korean-Speaking Users}},
  date         = {2018-06-19},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/18/f/fakespy-android-information-stealing-malware-targets-japanese-and-korean-speaking-users.html},
  language     = {English},
  urldate      = {2021-04-19},
}
FakeSpy Targets Japanese and Korean-Speaking Users
FakeSpy Yanbian Gang
2018-04-20 | Trend Micro | Trend Micro
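% The author is the vendor itself, so the name is wrapped in an extra pair of
% braces. Unbraced, it parses as given name "Trend" and family name "Micro"
% (the "micro:" prefix of the key shows that split) and styles would print
% "Micro, Trend". The citation key is left unchanged so existing cites resolve.
@online{micro:20180420:xloader:e46474f,
  author       = {{Trend Micro}},
  title        = {{XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing}},
  date         = {2018-04-20},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/18/d/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing.html},
  language     = {English},
  urldate      = {2021-07-07},
}
XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing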
MoqHao Yanbian Gang
2015-02-12 | Trend Micro | Simon Huang
@online{huang:20150212:mobile:057aef0,
  author       = {Simon Huang},
  title        = {{Mobile Malware Gang Steals Millions from South Korean Users}},
  date         = {2015-02-12},
  organization = {Trend Micro},
  url          = {https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-malware-gang-steals-millions-from-south-korean-users/},
  language     = {English},
  urldate      = {2021-04-19},
}
Mobile Malware Gang Steals Millions from South Korean Users
Yanbian Gang

Credits: MISP Project