S2W, a fan of Lazarus-lazarusholic

S2W

@S2W_Official, https://s2w.inc/

Actors

Name	Named by	AKA	First seen	Last seen
ChinopuNK	S2W	ScarCruft	2025-08-07	2025-08-07
DogpuNK	S2W	ScarCruft	2025-08-07	2025-08-07
SeedpuNK	S2W	Kimsuky	2024-10-02	2024-10-02
puNK-001	S2W	Konni	2024-08-22	2024-08-22
puNK-002	S2W	-	2024-08-22	2024-08-22
puNK-003	S2W	Konni	2024-08-22	2024-08-22
puNK-004	S2W	Kimsuky	2025-03-13	2025-03-13
puNK-006	S2W	ScarCruft	2025-08-07	2025-08-07

Reports

2026-02-06
S2W
Scarcruft’s ROKRAT Malware: Recent Changes
#RokRAT #ScarCruft

2026-02-03
S2W
스카크러프트 악성코드(Scarcruft ROKRAT): 새로운 유포 방식의 출현
#RokRAT #ScarCruft

2025-10-28
S2W
IoC Update of Lazarus Group’s Recent Attack Campaign Targeting South Korea
#Lazarus

2025-09-09
S2W
Kimsuky’s Use of GitHub for Malware Delivery and Exfiltration
#Kimsuky #LNK

2025-09-09
S2W
Kimsuky그룹의 GitHub 기반 악성코드 유포 및 정보 탈취 정황
#Kimsuky #LNK

2025-08-22
S2W
Detailed Analysis of Phrack’s APT Down: The North Korea Files
#Kimsuky #APTDown

2025-08-07
S2W
ScarCruft’s New Language: Whispering in PubNub, Crafting Backdoor in Rust, Striking with Ransomware
#ChinopuNK #DogpuNK #LNK #Ransomware #ScarCruft #puNK-006 #VCD

2025-06-17
S2W
Kimsuky’s CHM and BabyShark Malware Using Cryptocurrency Theme
#BabyShark #CHM #Kimsuky

2025-04-29
S2W
Threat Group Profiling: Lazarus
#Lazarus

2025-04-22
S2W
Analysis of TraderTraitor’s GopherGrabber Malware observed by Willo Campaign
#GopherGrabber #TraderTraitor #Willo

2025-03-13
S2W
Detailed Analysis of DocSwap Malware Disguised as Security Document Viewer
#DocSwap #Mobile #puNK-004

2025-02-14
S2W
Analysis of the KONNI's LINKON Malware
#Konni #LINKON #LNK

2025-01-23
S2W
Quick Overview of Babyshark Campaign disguise as Defense-themed HWP Document, involving the Kimsuky APT Group
#BabyShark #Kimsuky

2025-01-22
S2W
Kimsuky 그룹의 Babyshark 악성코드 캠페인
#Kimsuky #BabyShark

2024-11-29
S2W
Introduction to the North Korea-backed Scarcruft ROKRAT Malware Cluster
#CloudMensis #RokRAT #ScarCruft

2024-10-16
S2W
Unmasking CVE-2024-38178: The Silent Threat of Windows Scripting Engine
#APT37 #CVE-2024-38178 #RokRAT

2024-10-02
S2W
Go-ing Arsenal: A Closer Look at Kimsuky’s Go Strategic Advancement
#AppleSeed #Kimsuky #SeedpuNK #TrollStealer

2024-08-22
S2W
Threat Tracking: Analysis of puNK-003’s Lilith RAT ported to AutoIt Script
#LINKON #AutoIt #puNK-003 #CURKON #LNK #LilithRAT #puNK-002 #puNK-001

2024-02-08
S2W
Kimsuky disguised as a Korean company signed with a valid certificate to distribute Troll Stealer…
#D2Innovation #TrollStealer #Kimsuky

2024-02-07
S2W
Kimsuky disguised as a Korean company signed with a valid certificate to distribute Troll Stealer
#D2Innovation #TrollStealer #Kimsuky

2023-10-30
S2W
FastViewer Variant Merged with FastSpy and disguised as a Legitimate Mobile Application
#FastViewer #FastSpy #Kimsuky

2023-10-05
S2W
Into the Cumulus: Scarcruft bolsters arsenal for targeting individual Android devices
#RokRAT #Cumulus #ScarCruft

2023-07-12
S2W
2023년 상반기 북한 APT 그룹 위협 트렌드
#Youtube

2023-05-17
S2W
Detailed Analysis of AlphaSeed, a new version of Kimsuky’s AppleSeed written in Golang
#Kimsuky #AlphaSeed

2023-03-23
S2W
Scarcruft Bolsters Arsenal for targeting individual Android devices
#Mobile #Cumulus #Clugin #ScarCruft

2023-03-17
S2W
Kimsuky group appears to be exploiting OneNote like the cybercrime group
#Kimsuky #OneNote #BabyShark

2022-10-25
S2W
Unveil the evolution of Kimsuky targeting Android devices with newly discovered mobile malware
#Kimsuky #FastSpy #FastViewer

2022-02-15
S2W
Post Mortem of KlaySwap Incident through BGP Hijacking
#KlaySwap #Suspicious #DeFi #Cryptocurrency

2021-11-04
S2W
Operation Newton: Hi Kimsuky? Did an Apple(seed) really fall on Newton’s head?
#Kimsuky #Newton #AppleSeed #Youtube

2021-10-07
S2W
Operation Newton: Hi Kimsuky? Did an Apple(seed) really fall on Newton’s head?
#Kimsuky #Newton #AppleSeed

2021-07-14
S2W
Matryoshka : Variant of ROKRAT, APT37 (Scarcruft)
#APT37 #RokRAT #Matryoshka

2021-07-08
S2W
Analysis of Lazarus malware abusing Non-ActiveX Module in South Korea
#INISafeWeb #Lazarus

2021-03-11
S2W
국내·외 리서쳐 공격에 사용된 북한 라자루스 그룹의 최신 제로데이 취약점 및 관련 악성코드 분석
#DreamJob #Lazarus

2021-01-27
S2W
Analysis of THREATNEEDLE C&C Communication (feat. Google TAG Warning to Researchers)
#DreamJob #ThreatNeedle