2023-03-23 - Medium s2wlab - BLKSMTH, S2W TALON
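@online{blksmth:20230323:scarcruft:82ba4d6,
  author       = {BLKSMTH and {S2W TALON}},
  title        = {{Scarcruft} Bolsters Arsenal for targeting individual {Android} devices},
  date         = {2023-03-23},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wblog/scarcruft-bolsters-arsenal-for-targeting-individual-android-devices-97d2bcef4ab},
  language     = {English},
  urldate      = {2023-03-27},
}
Scarcruft Bolsters Arsenal for targeting individual Android devices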
RambleOn RokRAT
2023-03-20 - Medium s2wlab - HOTSAUCE, S2W TALON
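@online{hotsauce:20230320:detailed:d141765,
  author       = {HOTSAUCE and {S2W TALON}},
  title        = {Detailed Analysis of Cryptocurrency Phishing Through Famous {YouTube} Channel Hacking},
  date         = {2023-03-20},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wblog/detailed-analysis-of-cryptocurrency-phishing-through-famous-youtube-channel-hacking-cd40de8dce6f},
  language     = {Korean},
  urldate      = {2023-03-21},
}
Detailed Analysis of Cryptocurrency Phishing Through Famous YouTube Channel Hacking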
2023-03-17 - Medium s2wlab - BLKSMTH, S2W TALON
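@online{blksmth:20230317:kimsuky:984e133,
  author       = {BLKSMTH and {S2W TALON}},
  title        = {{Kimsuky} group appears to be exploiting {OneNote} like the cybercrime group},
  date         = {2023-03-17},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wblog/kimsuky-group-appears-to-be-exploiting-onenote-like-the-cybercrime-group-3c96b0b85b9f},
  language     = {English},
  urldate      = {2023-03-20},
}
Kimsuky group appears to be exploiting OneNote like the cybercrime group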
2023-02-27 - Medium s2wlab - Jiho Kim, Lee Sebin
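@online{kim:20230227:lumma:9f3f99f,
  author        = {Kim, Jiho and Lee Sebin},
  title         = {{Lumma Stealer} targets {YouTubers} via Spear-phishing Email},
  date          = {2023-02-27},
  organization  = {Medium s2wlab},
  url           = {https://medium.com/s2wblog/lumma-stealer-targets-youtubers-via-spear-phishing-email-ade740d486f7},
  language      = {English},
  urldate       = {2023-03-13},
  internal-note = {NOTE(review): "Lee Sebin" may be written family-name-first; confirm the name order before converting it to "Last, First" form.},
}
Lumma Stealer targets YouTubers via Spear-phishing Email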
Lumma Stealer
2022-10-24 - Medium s2wlab - Lee Sebin, Shin Yeongjae
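@online{sebin:20221024:unveil:8034279,
  author        = {Lee Sebin and Shin Yeongjae},
  title         = {Unveil the evolution of {Kimsuky} targeting {Android} devices with newly discovered mobile malware},
  date          = {2022-10-24},
  organization  = {Medium s2wlab},
  url           = {https://medium.com/s2wblog/unveil-the-evolution-of-kimsuky-targeting-android-devices-with-newly-discovered-mobile-malware-280dae5a650f},
  language      = {English},
  urldate       = {2022-12-20},
  internal-note = {NOTE(review): both author names may be written family-name-first; confirm the name order before converting them to "Last, First" form.},
}
Unveil the evolution of Kimsuky targeting Android devices with newly discovered mobile malware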
FastFire FastSpy
2022-09-22 - Medium s2wlab - Yang HuiSeong, Jeong Hyunsik
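@online{huiseong:20220922:quick:9184019,
  author        = {Yang HuiSeong and Jeong Hyunsik},
  title         = {Quick Overview of Leaked {LockBit} 3.0 ({Black}) builder program},
  date          = {2022-09-22},
  organization  = {Medium s2wlab},
  url           = {https://medium.com/s2wblog/quick-overview-of-leaked-lockbit-3-0-black-builder-program-880ae511d085},
  language      = {English},
  urldate       = {2022-10-24},
  internal-note = {NOTE(review): both author names may be written family-name-first; confirm the name order before converting them to "Last, First" form.},
}
Quick Overview of Leaked LockBit 3.0 (Black) builder program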
LockBit
2022-07-06 - Medium s2wlab - HOTSAUCE | S2W TALON
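@online{talon:20220706:teng:799c55c,
  author        = {HOTSAUCE and {S2W TALON}},
  title         = {变脸, {Teng Snake} (a.k.a. {Code Core})},
  date          = {2022-07-06},
  organization  = {Medium s2wlab},
  url           = {https://medium.com/s2wblog/%E5%8F%98%E8%84%B8-teng-snake-a-k-a-code-core-8c35268b4d1a},
  language      = {English},
  urldate       = {2022-07-12},
  internal-note = {The byline was recorded as the single string "HOTSAUCE | S2W TALON"; it is split into two authors here, matching the author list of hotsauce:20230320:detailed:d141765. The citation key is unchanged so existing citations still resolve.},
}
变脸, Teng Snake (a.k.a. Code Core)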
CodeCore
2022-06-16 - Medium s2wlab - S2W TALON
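@online{talon:20220616:raccoon:de7df76,
  author       = {{S2W TALON}},
  title        = {{Raccoon Stealer} is Back with a New Version},
  date         = {2022-06-16},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wblog/raccoon-stealer-is-back-with-a-new-version-5f436e04b20d},
  language     = {English},
  urldate      = {2022-06-17},
}
Raccoon Stealer is Back with a New Version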
Raccoon
2022-05-12 - Medium s2wlab - Jiho Kim
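@online{kim:20220512:history:03c1535,
  author       = {Kim, Jiho},
  title        = {The History of {BlackGuard Stealer}},
  date         = {2022-05-12},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wblog/the-history-of-blackguard-stealer-86207e72ffb4},
  language     = {English},
  urldate      = {2022-05-17},
}
The History of BlackGuard Stealer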
BlackGuard
2022-04-01 - Medium s2wlab - Jiho Kim
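@online{kim:20220401:rising:8510271,
  author       = {Kim, Jiho},
  title        = {Rising Stealer in {Q1} 2022: {BlackGuard Stealer}},
  date         = {2022-04-01},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wblog/rising-stealer-in-q1-2022-blackguard-stealer-f516d9f85ee5},
  language     = {English},
  urldate      = {2022-04-15},
}
Rising Stealer in Q1 2022: BlackGuard Stealer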
BlackGuard
2022-03-24 - Medium s2wlab - S2W TALON
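@online{talon:20220324:footsteps:aa24072,
  author       = {{S2W TALON}},
  title        = {Footsteps of the {LAPSUS\$} hacking group},
  date         = {2022-03-24},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wblog/footsteps-of-the-lapsus-hacking-group-73a8a143c375},
  language     = {Korean},
  urldate      = {2022-03-24},
}
Footsteps of the LAPSUS$ hacking group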
2022-03-03 - Medium s2wlab - Jiho Kim
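@online{kim:20220303:deep:3cac6e2,
  author       = {Kim, Jiho},
  title        = {Deep Analysis of {Redline Stealer}: Leaked Credential with {WCF}},
  date         = {2022-03-03},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wblog/deep-analysis-of-redline-stealer-leaked-credential-with-wcf-7b31901da904},
  language     = {English},
  urldate      = {2022-03-07},
}
Deep Analysis of Redline Stealer: Leaked Credential with WCF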
RedLine Stealer
2022-02-17 - Medium s2wlab - S2W TALON
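@online{talon:20220217:tracking:5957935,
  author       = {{S2W TALON}},
  title        = {Tracking {SugarLocker} ransomware \& operator},
  date         = {2022-02-17},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wblog/tracking-sugarlocker-ransomware-3a3492353c49},
  language     = {English},
  urldate      = {2022-02-19},
}
Tracking SugarLocker ransomware & operator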
Sugar
2022-02-16 - Medium s2wlab - S2W TALON
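@online{talon:20220216:post:82b63e4,
  author       = {{S2W TALON}},
  title        = {Post Mortem of {KlaySwap} Incident through {BGP} Hijacking | {EN}},
  date         = {2022-02-16},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wblog/post-mortem-of-klayswap-incident-through-bgp-hijacking-en-3ed7e33de600},
  language     = {English},
  urldate      = {2022-02-26},
}
Post Mortem of KlaySwap Incident through BGP Hijacking | EN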
2021-12-14 - Medium s2wlab - S2W TALON
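@online{talon:20211214:logs:198ffe4,
  author       = {{S2W TALON}},
  title        = {Logs of {Log4shell} ({CVE-2021-44228}): {log4j} is ubiquitous},
  date         = {2021-12-14},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wblog/logs-of-log4shell-cve-2021-44228-log4j-is-ubiquitous-en-809064312039},
  language     = {English},
  urldate      = {2022-01-05},
}
Logs of Log4shell (CVE-2021-44228): log4j is ubiquitous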
Kinsing Mirai Tsunami
2021-12-10 - Medium s2wlab - S2W TALON
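@online{talon:20211210:blackcat:2ec3ecf,
  author       = {{S2W TALON}},
  title        = {{BlackCat}: New {Rust} based ransomware borrowing {BlackMatter’s} configuration},
  date         = {2021-12-10},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wblog/blackcat-new-rust-based-ransomware-borrowing-blackmatters-configuration-31c8d330a809},
  language     = {English},
  urldate      = {2022-01-06},
}
BlackCat: New Rust based ransomware borrowing BlackMatter’s configuration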
BlackCat BlackMatter
2021-10-05 - Medium s2wlab - S2W TALON
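@online{talon:20211005:prometheus:b698c61,
  author       = {{S2W TALON}},
  title        = {{Prometheus} x {Spook}: {Prometheus} ransomware rebranded {Spook} ransomware.},
  date         = {2021-10-05},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wlab/prometheus-x-spook-prometheus-ransomware-rebranded-spook-ransomware-6f93bd8ab5dd},
  language     = {English},
  urldate      = {2021-10-11},
}
Prometheus x Spook: Prometheus ransomware rebranded Spook ransomware.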
Prometheus
2021-09-09 - Medium s2wlab - S2W TALON
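@online{talon:20210909:case:fdbe983,
  author       = {{S2W TALON}},
  title        = {Case Analysis of {Suncrypt} Ransomware Negotiation and {Bitcoin} Transaction},
  date         = {2021-09-09},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wlab/case-analysis-of-suncrypt-ransomware-negotiation-and-bitcoin-transaction-43a2194ac0bc},
  language     = {English},
  urldate      = {2021-09-12},
}
Case Analysis of Suncrypt Ransomware Negotiation and Bitcoin Transaction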
SunCrypt
2021-09-08 - Medium s2wlab - S2W TALON
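@online{talon:20210908:grooves:64ea498,
  author       = {{S2W TALON}},
  title        = {{Groove’s} thoughts on {Blackmatter}, {Babuk}, and cheese shortages in the {Netherlands}},
  date         = {2021-09-08},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wlab/grooves-thoughts-on-blackmatter-babuk-and-interruption-in-the-supply-of-cheese-in-the-b5328bc764f2},
  language     = {English},
  urldate      = {2021-09-12},
}
Groove’s thoughts on Blackmatter, Babuk, and cheese shortages in the Netherlands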
Babuk BlackMatter Babuk BlackMatter
2021-09-01 - Medium s2wlab - S2W LAB INTELLIGENCE TEAM, Denise Dasom Kim, Jungyeon Lim, Yeonghyeon Jeong, Sujin Lim, Chaewon Moon
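@online{team:20210901:blackmatter:6a2a025,
  author       = {{S2W LAB INTELLIGENCE TEAM} and Kim, Denise Dasom and Lim, Jungyeon and Jeong, Yeonghyeon and Lim, Sujin and Moon, Chaewon},
  title        = {{BlackMatter} x {Babuk} : Using the same web server for sharing leaked files},
  date         = {2021-09-01},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wlab/blackmatter-x-babuk-using-the-same-web-server-for-sharing-leaked-files-d01c20a74751},
  language     = {English},
  urldate      = {2021-09-06},
}
BlackMatter x Babuk : Using the same web server for sharing leaked files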
Babuk BlackMatter Babuk BlackMatter