lazarusholic
Everyday is lazarus.day
S2W
@S2W_Official, https://s2w.inc/
Actors

| Name | Named by | AKA | First seen | Last seen |
|---|---|---|---|---|
| SeedpuNK | S2W | Kimsuky | 2024-10-02 | 2024-10-02 |
| puNK-001 | S2W | Konni | 2024-08-22 | 2024-08-22 |
| puNK-002 | S2W | - | 2024-08-22 | 2024-08-22 |
| puNK-003 | S2W | Konni | 2024-08-22 | 2024-08-22 |
| puNK-004 | S2W | Kimsuky | 2025-03-13 | 2025-03-13 |
Reports

| Date | Source | Title | Tags |
|---|---|---|---|
| 2025-04-29 | S2W | Threat Group Profiling: Lazarus | #Lazarus |
| 2025-04-22 | S2W | Analysis of TraderTraitor’s GopherGrabber Malware observed by Willo Campaign | #GopherGrabber #TraderTraitor #Willo |
| 2025-03-13 | S2W | Detailed Analysis of DocSwap Malware Disguised as Security Document Viewer | #DocSwap #Mobile #puNK-004 |
| 2025-02-14 | S2W | Analysis of the KONNI's LINKON Malware | #Konni #LINKON #LNK |
| 2025-01-23 | S2W | Quick Overview of Babyshark Campaign disguise as Defense-themed HWP Document, involving the Kimsuky APT Group | #BabyShark #Kimsuky |
| 2025-01-22 | S2W | Kimsuky Group's Babyshark Malware Campaign | #Kimsuky #BabyShark |
| 2024-11-29 | S2W | Introduction to the North Korea-backed Scarcruft ROKRAT Malware Cluster | #CloudMensis #RokRAT #ScarCruft |
| 2024-10-16 | S2W | Unmasking CVE-2024-38178: The Silent Threat of Windows Scripting Engine | #APT37 #CVE-2024-38178 #RokRAT |
| 2024-10-02 | S2W | Go-ing Arsenal: A Closer Look at Kimsuky’s Go Strategic Advancement | #AppleSeed #Kimsuky #SeedpuNK #TrollStealer |
| 2024-08-22 | S2W | Threat Tracking: Analysis of puNK-003’s Lilith RAT ported to AutoIt Script | #LINKON #AutoIt #puNK-003 #CURKON #LNK #LilithRAT #puNK-002 #puNK-001 |
| 2024-02-08 | S2W | Kimsuky disguised as a Korean company signed with a valid certificate to distribute Troll Stealer… | #D2Innovation #TrollStealer #Kimsuky |
| 2024-02-07 | S2W | Kimsuky disguised as a Korean company signed with a valid certificate to distribute Troll Stealer | #D2Innovation #TrollStealer #Kimsuky |
| 2023-10-30 | S2W | FastViewer Variant Merged with FastSpy and disguised as a Legitimate Mobile Application | #FastViewer #FastSpy #Kimsuky |
| 2023-10-05 | S2W | Into the Cumulus: Scarcruft bolsters arsenal for targeting individual Android devices | #RokRAT #Cumulus #ScarCruft |
| 2023-07-12 | S2W | Threat Trends of North Korean APT Groups in the First Half of 2023 | #Youtube |
| 2023-05-17 | S2W | Detailed Analysis of AlphaSeed, a new version of Kimsuky’s AppleSeed written in Golang | #Kimsuky #AlphaSeed |
| 2023-03-23 | S2W | Scarcruft Bolsters Arsenal for targeting individual Android devices | #Mobile #Cumulus #Clugin #ScarCruft |
| 2023-03-17 | S2W | Kimsuky group appears to be exploiting OneNote like the cybercrime group | #Kimsuky #OneNote #BabyShark |
| 2022-10-25 | S2W | Unveil the evolution of Kimsuky targeting Android devices with newly discovered mobile malware | #Kimsuky #FastSpy #FastViewer |
| 2022-02-15 | S2W | Post Mortem of KlaySwap Incident through BGP Hijacking | #KlaySwap #Suspicious #DeFi #Cryptocurrency |
| 2021-11-04 | S2W | Operation Newton: Hi Kimsuky? Did an Apple(seed) really fall on Newton’s head? | #Kimsuky #Newton #AppleSeed #Youtube |
| 2021-10-07 | S2W | Operation Newton: Hi Kimsuky? Did an Apple(seed) really fall on Newton’s head? | #Kimsuky #Newton #AppleSeed |
| 2021-07-14 | S2W | Matryoshka : Variant of ROKRAT, APT37 (Scarcruft) | #APT37 #RokRAT #Matryoshka |
| 2021-07-08 | S2W | Analysis of Lazarus malware abusing Non-ActiveX Module in South Korea | #INISafeWeb |
| 2021-03-11 | S2W | Analysis of the Latest Zero-Day Vulnerability and Related Malware of North Korea's Lazarus Group Used in Attacks on Domestic and Foreign Researchers | #DreamJob |
| 2021-01-27 | S2W | Analysis of THREATNEEDLE C&C Communication (feat. Google TAG Warning to Researchers) | #DreamJob #ThreatNeedle |