{
	"id": "572a180d-6162-4ca1-bede-cae27b684551",
	"created_at": "2026-04-06T03:37:18.093134Z",
	"updated_at": "2026-04-10T03:31:40.614345Z",
	"deleted_at": null,
	"sha1_hash": "b1f374bbab0800d1794ae587e82b145bee9b4f87",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 47328,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-06 03:10:50 UTC\nOther threat group: Yanbian Gang\nNames Yanbian Gang (?)\nCountry China\nMotivation Financial crime\nFirst seen 2013\nDescription\n(Trend Micro) In 2014, we took a close look at the Chinese underground market and\nfound that it continued to thrive. But what we did not see was that even\ncybercriminals in remote parts of the country—Yanbian—were successfully\nprofiting from the Android™ mobile banking customers in a neighboring country—\nSouth Korea.\nWhat we have dubbed the “Yanbian Gang” has successfully been siphoning millions\nfrom their victims’ accounts since 2013. The hackers used fake banking and other\npopular apps to victimize more than 4,000 South Korean Android mobile banking\ncustomers throughout 2013 and 2014. They also used effective social engineering\nlures like “The Interview” to bait victims into installing their fake apps.\nObserved Countries: South Korea.\nTools used\nOperations performed\nDec 2020: Yanbian Gang Malware Continues with Wide-Scale Distribution and C2\nInformation\nLast change to this card: 21 April 2021\nDownload this actor card in PDF or JSON format\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=68cb966b-fbe9-40cb-b69d-60d13a492224\nPage 1 of 2\n\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=68cb966b-fbe9-40cb-b69d-60d13a492224\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=68cb966b-fbe9-40cb-b69d-60d13a492224\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/showcard.cgi?u=68cb966b-fbe9-40cb-b69d-60d13a492224"
	],
	"report_names": [
		"showcard.cgi?u=68cb966b-fbe9-40cb-b69d-60d13a492224"
	],
	"threat_actors": [
		{
			"id": "4c5a35bf-f483-463e-aea0-89a795698cff",
			"created_at": "2023-01-06T13:46:39.198624Z",
			"updated_at": "2026-04-10T02:00:03.243996Z",
			"deleted_at": null,
			"main_name": "Yanbian Gang",
			"aliases": [],
			"source_name": "MISPGALAXY:Yanbian Gang",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "8f350ed9-134e-4160-b63d-701f562ba64a",
			"created_at": "2022-10-25T16:07:24.589322Z",
			"updated_at": "2026-04-10T02:00:05.045635Z",
			"deleted_at": null,
			"main_name": "Yanbian Gang",
			"aliases": [],
			"source_name": "ETDA:Yanbian Gang",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775446638,
	"ts_updated_at": 1775791900,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b1f374bbab0800d1794ae587e82b145bee9b4f87.pdf",
		"text": "https://archive.orkl.eu/b1f374bbab0800d1794ae587e82b145bee9b4f87.txt",
		"img": "https://archive.orkl.eu/b1f374bbab0800d1794ae587e82b145bee9b4f87.jpg"
	}
}