2022-06-16 | Medium s2wlab | S2W TALON
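% "S2W TALON" is a team name; the inner braces keep BibTeX from splitting it into given and family names.
@online{talon:20220616:raccoon:de7df76,
  author       = {{S2W TALON}},
  title        = {{Raccoon Stealer is Back with a New Version}},
  organization = {Medium s2wlab},
  date         = {2022-06-16},
  url          = {https://medium.com/s2wblog/raccoon-stealer-is-back-with-a-new-version-5f436e04b20d},
  urldate      = {2022-06-17},
  language     = {English},
}
Raccoon Stealer is Back with a New Version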
Raccoon
2022-05-12 | Medium s2wlab | Jiho Kim
@online{kim:20220512:history:03c1535,
  author       = {Jiho Kim},
  title        = {{The History of BlackGuard Stealer}},
  organization = {Medium s2wlab},
  date         = {2022-05-12},
  url          = {https://medium.com/s2wblog/the-history-of-blackguard-stealer-86207e72ffb4},
  urldate      = {2022-05-17},
  language     = {English},
}
The History of BlackGuard Stealer
BlackGuard
2022-04-01 | Medium s2wlab | Jiho Kim
@online{kim:20220401:rising:8510271,
  author       = {Jiho Kim},
  title        = {{Rising Stealer in Q1 2022: BlackGuard Stealer}},
  organization = {Medium s2wlab},
  date         = {2022-04-01},
  url          = {https://medium.com/s2wblog/rising-stealer-in-q1-2022-blackguard-stealer-f516d9f85ee5},
  urldate      = {2022-04-15},
  language     = {English},
}
Rising Stealer in Q1 2022: BlackGuard Stealer
BlackGuard
2022-03-24 | Medium s2wlab | S2W TALON
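% "S2W TALON" is a team name; the inner braces keep BibTeX from splitting it into given and family names.
% The dollar sign in the group name is escaped so LaTeX does not open math mode while typesetting the title.
@online{talon:20220324:footsteps:aa24072,
  author       = {{S2W TALON}},
  title        = {{Footsteps of the LAPSUS\$ hacking group}},
  organization = {Medium s2wlab},
  date         = {2022-03-24},
  url          = {https://medium.com/s2wblog/footsteps-of-the-lapsus-hacking-group-73a8a143c375},
  urldate      = {2022-03-24},
  language     = {Korean},
}
Footsteps of the LAPSUS$ hacking group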
2022-03-03 | Medium s2wlab | Jiho Kim
@online{kim:20220303:deep:3cac6e2,
  author       = {Jiho Kim},
  title        = {{Deep Analysis of Redline Stealer: Leaked Credential with WCF}},
  organization = {Medium s2wlab},
  date         = {2022-03-03},
  url          = {https://medium.com/s2wblog/deep-analysis-of-redline-stealer-leaked-credential-with-wcf-7b31901da904},
  urldate      = {2022-03-07},
  language     = {English},
}
Deep Analysis of Redline Stealer: Leaked Credential with WCF
RedLine Stealer
2022-02-17 | Medium s2wlab | S2W TALON
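% "S2W TALON" is a team name; the inner braces keep BibTeX from splitting it into given and family names.
% The ampersand is escaped because a bare one is an alignment character in LaTeX and aborts typesetting of the title.
@online{talon:20220217:tracking:5957935,
  author       = {{S2W TALON}},
  title        = {{Tracking SugarLocker ransomware \& operator}},
  organization = {Medium s2wlab},
  date         = {2022-02-17},
  url          = {https://medium.com/s2wblog/tracking-sugarlocker-ransomware-3a3492353c49},
  urldate      = {2022-02-19},
  language     = {English},
}
Tracking SugarLocker ransomware & operator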
Sugar
2022-02-16 | Medium s2wlab | S2W TALON
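% "S2W TALON" is a team name; the inner braces keep BibTeX from splitting it into given and family names.
@online{talon:20220216:post:82b63e4,
  author       = {{S2W TALON}},
  title        = {{Post Mortem of KlaySwap Incident through BGP Hijacking | EN}},
  organization = {Medium s2wlab},
  date         = {2022-02-16},
  url          = {https://medium.com/s2wblog/post-mortem-of-klayswap-incident-through-bgp-hijacking-en-3ed7e33de600},
  urldate      = {2022-02-26},
  language     = {English},
}
Post Mortem of KlaySwap Incident through BGP Hijacking | EN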
2021-12-14 | Medium s2wlab | S2W TALON
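% "S2W TALON" is a team name; the inner braces keep BibTeX from splitting it into given and family names.
@online{talon:20211214:logs:198ffe4,
  author       = {{S2W TALON}},
  title        = {{Logs of Log4shell (CVE-2021-44228): log4j is ubiquitous}},
  organization = {Medium s2wlab},
  date         = {2021-12-14},
  url          = {https://medium.com/s2wblog/logs-of-log4shell-cve-2021-44228-log4j-is-ubiquitous-en-809064312039},
  urldate      = {2022-01-05},
  language     = {English},
}
Logs of Log4shell (CVE-2021-44228): log4j is ubiquitous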
Kinsing Mirai Tsunami
2021-12-10 | Medium s2wlab | S2W TALON
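% "S2W TALON" is a team name; the inner braces keep BibTeX from splitting it into given and family names.
@online{talon:20211210:blackcat:2ec3ecf,
  author       = {{S2W TALON}},
  title        = {{BlackCat: New Rust based ransomware borrowing BlackMatter’s configuration}},
  organization = {Medium s2wlab},
  date         = {2021-12-10},
  url          = {https://medium.com/s2wblog/blackcat-new-rust-based-ransomware-borrowing-blackmatters-configuration-31c8d330a809},
  urldate      = {2022-01-06},
  language     = {English},
}
BlackCat: New Rust based ransomware borrowing BlackMatter’s configuration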
BlackCat BlackMatter
2021-10-05 | Medium s2wlab | S2W TALON
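% "S2W TALON" is a team name; the inner braces keep BibTeX from splitting it into given and family names.
@online{talon:20211005:prometheus:b698c61,
  author       = {{S2W TALON}},
  title        = {{Prometheus x Spook: Prometheus ransomware rebranded Spook ransomware.}},
  organization = {Medium s2wlab},
  date         = {2021-10-05},
  url          = {https://medium.com/s2wlab/prometheus-x-spook-prometheus-ransomware-rebranded-spook-ransomware-6f93bd8ab5dd},
  urldate      = {2021-10-11},
  language     = {English},
}
Prometheus x Spook: Prometheus ransomware rebranded Spook ransomware.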
Prometheus
2021-09-09 | Medium s2wlab | S2W TALON
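% "S2W TALON" is a team name; the inner braces keep BibTeX from splitting it into given and family names.
@online{talon:20210909:case:fdbe983,
  author       = {{S2W TALON}},
  title        = {{Case Analysis of Suncrypt Ransomware Negotiation and Bitcoin Transaction}},
  organization = {Medium s2wlab},
  date         = {2021-09-09},
  url          = {https://medium.com/s2wlab/case-analysis-of-suncrypt-ransomware-negotiation-and-bitcoin-transaction-43a2194ac0bc},
  urldate      = {2021-09-12},
  language     = {English},
}
Case Analysis of Suncrypt Ransomware Negotiation and Bitcoin Transaction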
SunCrypt
2021-09-08 | Medium s2wlab | S2W TALON
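% "S2W TALON" is a team name; the inner braces keep BibTeX from splitting it into given and family names.
@online{talon:20210908:grooves:64ea498,
  author       = {{S2W TALON}},
  title        = {{Groove’s thoughts on Blackmatter, Babuk, and cheese shortages in the Netherlands}},
  organization = {Medium s2wlab},
  date         = {2021-09-08},
  url          = {https://medium.com/s2wlab/grooves-thoughts-on-blackmatter-babuk-and-interruption-in-the-supply-of-cheese-in-the-b5328bc764f2},
  urldate      = {2021-09-12},
  language     = {English},
}
Groove’s thoughts on Blackmatter, Babuk, and cheese shortages in the Netherlands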
Babuk BlackMatter Babuk BlackMatter
2021-09-01 | Medium s2wlab | S2W LAB INTELLIGENCE TEAM, Denise Dasom Kim, Jungyeon Lim, Yeonghyeon Jeong, Sujin Lim, Chaewon Moon
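% The first author is a team, so it is braced as one indivisible name; unbraced, BibTeX would read "TEAM" as a family name.
% Personal names use the unambiguous "Family, Given" form.
@online{team:20210901:blackmatter:6a2a025,
  author       = {{S2W LAB INTELLIGENCE TEAM} and Kim, Denise Dasom and Lim, Jungyeon and Jeong, Yeonghyeon and Lim, Sujin and Moon, Chaewon},
  title        = {{BlackMatter x Babuk : Using the same web server for sharing leaked files}},
  organization = {Medium s2wlab},
  date         = {2021-09-01},
  url          = {https://medium.com/s2wlab/blackmatter-x-babuk-using-the-same-web-server-for-sharing-leaked-files-d01c20a74751},
  urldate      = {2021-09-06},
  language     = {English},
}
BlackMatter x Babuk : Using the same web server for sharing leaked files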
Babuk BlackMatter Babuk BlackMatter
2021-07-14 | Medium s2wlab | Jaeki Kim
@online{kim:20210714:matryoshka:6c8d267,
  author       = {Jaeki Kim},
  title        = {{Matryoshka : Variant of ROKRAT, APT37 (Scarcruft)}},
  organization = {Medium s2wlab},
  date         = {2021-07-14},
  url          = {https://medium.com/s2wlab/matryoshka-variant-of-rokrat-apt37-scarcruft-69774ea7bf48},
  urldate      = {2021-07-20},
  language     = {English},
}
Matryoshka : Variant of ROKRAT, APT37 (Scarcruft)
RokRAT
2021-07-08 | Medium s2wlab | Sojun Ryu
@online{ryu:20210708:analysis:65a332a,
  author       = {Sojun Ryu},
  title        = {{Analysis of Lazarus malware abusing Non-ActiveX Module in South Korea}},
  organization = {Medium s2wlab},
  date         = {2021-07-08},
  url          = {https://medium.com/s2wlab/analysis-of-lazarus-malware-abusing-non-activex-module-in-south-korea-7d52b9539c12},
  urldate      = {2021-07-09},
  language     = {English},
}
Analysis of Lazarus malware abusing Non-ActiveX Module in South Korea
2021-07-07 | Medium s2wlab | Seunghoe Kim
@online{kim:20210707:deep:3903b28,
  author       = {Seunghoe Kim},
  title        = {{Deep analysis of KPOT Stealer}},
  organization = {Medium s2wlab},
  date         = {2021-07-07},
  url          = {https://medium.com/s2wlab/deep-analysis-of-kpot-stealer-fb1d2be9c5dd},
  urldate      = {2021-07-09},
  language     = {English},
}
Deep analysis of KPOT Stealer
KPOT Stealer
2021-06-23 | Medium s2wlab | Sojun Ryu
@online{ryu:20210623:deep:b255667,
  author       = {Sojun Ryu},
  title        = {{Deep analysis of REvil Ransomware}},
  organization = {Medium s2wlab},
  date         = {2021-06-23},
  url          = {https://medium.com/s2wlab/deep-analysis-of-revil-ransomware-written-in-korean-d1899c0e9317},
  urldate      = {2021-07-29},
  language     = {Korean},
}
Deep analysis of REvil Ransomware
REvil
2021-06-03 | Medium s2wlab | Hyunmin Suh, Denise Dasom Kim, Jungyeon Lim, YH Jeong
@online{suh:20210603:w1:f034ac8,
  author       = {Hyunmin Suh and Denise Dasom Kim and Jungyeon Lim and YH Jeong},
  title        = {{W1 Jun | EN | Story of the week: Ransomware on the Darkweb}},
  organization = {Medium s2wlab},
  date         = {2021-06-03},
  url          = {https://medium.com/s2wlab/w1-jun-en-story-of-the-week-ransomware-on-the-darkweb-af491d33868b},
  urldate      = {2021-06-16},
  language     = {English},
}
W1 Jun | EN | Story of the week: Ransomware on the Darkweb
DarkSide Babuk DarkSide
2021-05-28 | Medium s2wlab | Sojun Ryu
@online{ryu:20210528:deep:c5d221c,
  author       = {Sojun Ryu},
  title        = {{Deep Analysis of Vidar Stealer}},
  organization = {Medium s2wlab},
  date         = {2021-05-28},
  url          = {https://medium.com/s2wlab/deep-analysis-of-vidar-stealer-ebfc3b557aed},
  urldate      = {2021-06-16},
  language     = {English},
}
Deep Analysis of Vidar Stealer
Vidar
2021-05-25 | Medium s2wlab | Hyunmin Suh, Denise Dasom Kim, Jungyeon Lim
@online{suh:20210525:w4:b927684,
  author       = {Hyunmin Suh and Denise Dasom Kim and Jungyeon Lim},
  title        = {{W4 May | EN | Story of the week: Ransomware on the Darkweb}},
  organization = {Medium s2wlab},
  date         = {2021-05-25},
  url          = {https://medium.com/s2wlab/w4-may-en-story-of-the-week-ransomware-on-the-darkweb-5f5b8d4c3b6f},
  urldate      = {2021-06-16},
  language     = {English},
}
W4 May | EN | Story of the week: Ransomware on the Darkweb
Babuk REvil