2020-05-14 | ESET Research | Peter Kálnai
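% ESET Research (WeLiveSecurity) article on the Mikroceen backdoor.
% The same article is also listed under key klnai:20200514:mikroceen:3e541ad
% (URL without the trailing slash, later urldate); cite one key consistently.
% Title: the U+2011 NON-BREAKING HYPHEN was replaced by ASCII "-", because
% pdflatex/inputenc commonly rejects U+2011 as "not set up for use with LaTeX".
@online{klnai:20200514:mikroceen:b259a8c,
  author       = {Kálnai, Peter},
  title        = {{Mikroceen: Spying backdoor leveraged in high-profile networks in Central Asia}},
  date         = {2020-05-14},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2020/05/14/mikroceen-spying-backdoor-high-profile-networks-central-asia/},
  language     = {English},
  urldate      = {2020-05-14},
}
Mikroceen: Spying backdoor leveraged in high‑profile networks in Central Asia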
BYEBY Microcin
2020-05-14 | ESET Research | Peter Kálnai
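% ESET Research (WeLiveSecurity) article on the Mikroceen backdoor.
% The same article is also listed under key klnai:20200514:mikroceen:b259a8c
% (URL with a trailing slash, earlier urldate); cite one key consistently.
% Title: the U+2011 NON-BREAKING HYPHEN was replaced by ASCII "-", because
% pdflatex/inputenc commonly rejects U+2011 as "not set up for use with LaTeX".
@online{klnai:20200514:mikroceen:3e541ad,
  author       = {Kálnai, Peter},
  title        = {{Mikroceen: Spying backdoor leveraged in high-profile networks in Central Asia}},
  date         = {2020-05-14},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2020/05/14/mikroceen-spying-backdoor-high-profile-networks-central-asia},
  language     = {English},
  urldate      = {2022-07-25},
}
Mikroceen: Spying backdoor leveraged in high‑profile networks in Central Asia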
Microcin Vicious Panda
2020-01-31 | Virus Bulletin | Michal Poslušný, Peter Kálnai
% Virus Bulletin article on PE Rich Headers; the URL slug marks it as a
% VB2019 paper. Authors are stored in "Last, First" form.
@online{poslun:20200131:rich:c25f156,
  author       = {Poslušný, Michal and Kálnai, Peter},
  title        = {{Rich Headers: leveraging this mysterious artifact of the PE format}},
  date         = {2020-01-31},
  organization = {Virus Bulletin},
  url          = {https://www.virusbulletin.com/virusbulletin/2020/01/vb2019-paper-rich-headers-leveraging-mysterious-artifact-pe-format/},
  language     = {English},
  urldate      = {2020-02-03},
}
Rich Headers: leveraging this mysterious artifact of the PE format
Dridex Exaramel Industroyer Neutrino RCS Sathurbot
2020-01-13 | Gigamon | William Peteroy, Ed Miles
% Gigamon blog post on Emotet (host atr-blog.gigamon.com).
% Authors are stored in "Last, First" form.
@online{peteroy:20200113:emotet:60abae1,
  author       = {Peteroy, William and Miles, Ed},
  title        = {{Emotet: Not your Run-of-the-mill Malware}},
  date         = {2020-01-13},
  organization = {Gigamon},
  url          = {https://atr-blog.gigamon.com/2020/01/13/emotet-not-your-run-of-the-mill-malware/},
  language     = {English},
  urldate      = {2020-01-17},
}
Emotet: Not your Run-of-the-mill Malware
Emotet
2019-12-12 | mrfr05t
% Reference to a GitHub repository; the author field is the account handle
% and no organization is recorded.
% NOTE(review): the url is a code repository, not an analysis report;
% presumably the tool's own source. Treat its content as untrusted; confirm.
@online{mrfr05t:20191212:mrpeter:8ba7456,
  author   = {mrfr05t},
  title    = {{Mr.Peter}},
  date     = {2019-12-12},
  url      = {https://github.com/mrfr05t/Mr.Peter},
  language = {English},
  urldate  = {2020-03-13},
}
Mr.Peter
MrPeter
2019-09-18 | SophosLabs Uncut | Peter Mackenzie
% SophosLabs Uncut news article on WannaCry. A technical paper by the same
% author, dated one day earlier, is listed separately under key
% mackenzie:20190917:wannacry:250bb80.
@online{mackenzie:20190918:wannacry:7aeb8e1,
  author       = {Mackenzie, Peter},
  title        = {{The WannaCry hangover}},
  date         = {2019-09-18},
  organization = {SophosLabs Uncut},
  url          = {https://news.sophos.com/en-us/2019/09/18/the-wannacry-hangover/},
  language     = {English},
  urldate      = {2022-03-18},
}
The WannaCry hangover
WannaCryptor
2019-09-17 | SophosLabs | Peter Mackenzie
% SophosLabs technical paper; the url points directly at a PDF.
% Author is stored in "Last, First" form.
@techreport{mackenzie:20190917:wannacry:250bb80,
  author      = {Mackenzie, Peter},
  title       = {{WannaCry Aftershock}},
  date        = {2019-09-17},
  institution = {SophosLabs},
  url         = {https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/WannaCry-Aftershock.pdf},
  language    = {English},
  urldate     = {2022-03-22},
}
WannaCry Aftershock
WannaCryptor
2019-05-19 | nrk | Henrik Lied, Peter Svaar, Dennis Ravndal, Anders Brekke, Kristine Hirsti
% Norwegian-language news article from nrk.no; the title is kept in the
% original language. Authors are stored in "Last, First" form.
@online{lied:20190519:skreddersydd:e16c8d8,
  author       = {Lied, Henrik and Svaar, Peter and Ravndal, Dennis and Brekke, Anders and Hirsti, Kristine},
  title        = {{Skreddersydd dobbeltangrep mot Hydro}},
  date         = {2019-05-19},
  organization = {nrk},
  url          = {https://www.nrk.no/norge/skreddersydd-dobbeltangrep-mot-hydro-1.14480202},
  language     = {Norwegian},
  urldate      = {2019-11-21},
}
Skreddersydd dobbeltangrep mot Hydro
LockerGoga
2019 | CSIS | Benoît Ancel, Peter Kruse
% CSIS report; the date has year precision only and the url points at a PDF.
% NOTE(review): the url is plain http, so the PDF is not integrity-protected
% in transit; verify the document by other means before relying on it.
@techreport{ancel:2019:dreambot:e29023e,
  author      = {Ancel, Benoît and Kruse, Peter},
  title       = {{Dreambot Business overview 2019}},
  date        = {2019},
  institution = {CSIS},
  url         = {http://benkow.cc/DreambotSAS19.pdf},
  language    = {English},
  urldate     = {2019-12-10},
}
Dreambot Business overview 2019
ISFB
2018-12-10 | Botconf | Jakub Souček, Jakub Tomanek, Peter Kálnai
% Botconf entry; the url is an article page hosted at journal.cecyf.fr.
% Authors are stored in "Last, First" form.
@online{souek:20181210:collecting:fe52669,
  author       = {Souček, Jakub and Tomanek, Jakub and Kálnai, Peter},
  title        = {{Collecting Malicious Particles from Neutrino Botnets}},
  date         = {2018-12-10},
  organization = {Botconf},
  url          = {https://journal.cecyf.fr/ojs/index.php/cybin/article/view/22},
  language     = {English},
  urldate      = {2020-01-13},
}
Collecting Malicious Particles from Neutrino Botnets
Neutrino
2018-10-03 | Virus Bulletin | Peter Kálnai, Michal Poslušný
% Virus Bulletin paper (PDF; the file name carries "VB2018").
% The title is stored in all capitals and double-braced, so it renders as-is.
@techreport{klnai:20181003:lazarus:bebf0ad,
  author      = {Kálnai, Peter and Poslušný, Michal},
  title       = {{LAZARUS GROUP: A MAHJONG GAME PLAYED WITH DIFFERENT SETS OF TILES}},
  date        = {2018-10-03},
  institution = {Virus Bulletin},
  url         = {https://www.virusbulletin.com/uploads/pdf/magazine/2018/VB2018-Kalnai-Poslusny.pdf},
  language    = {English},
  urldate     = {2020-01-06},
}
LAZARUS GROUP: A MAHJONG GAME PLAYED WITH DIFFERENT SETS OF TILES
HOTWAX
2018-08-01 | SophosLabs | Peter Mackenzie, Dorka Palotay, Andrew Brandt, Mark Stockley, Luca Nagy, Simon Porter, Hajnalka Kope, Claire Mackenzie
% SophosLabs technical paper on SamSam (PDF), eight authors.
% Authors are stored in "Last, First" form, joined with " and ".
@techreport{mackenzie:20180801:samsam:73fdb9a,
  author      = {Mackenzie, Peter and Palotay, Dorka and Brandt, Andrew and Stockley, Mark and Nagy, Luca and Porter, Simon and Kope, Hajnalka and Mackenzie, Claire},
  title       = {{SamSam: The (Almost) Six Million Dollar Ransomware}},
  date        = {2018-08-01},
  institution = {SophosLabs},
  url         = {https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/SamSam-The-Almost-Six-Million-Dollar-Ransomware.pdf},
  language    = {English},
  urldate     = {2022-03-22},
}
SamSam: The (Almost) Six Million Dollar Ransomware
SamSam
2018-07-13 | Trend Micro | Tony Yang, Peter Lee
% Trend Micro blog post (TrendLabs Security Intelligence path in the URL)
% on devices affected by VPNFilter. Authors are stored in "Last, First" form.
@online{yang:20180713:vpnfilteraffected:a08c4ae,
  author       = {Yang, Tony and Lee, Peter},
  title        = {{VPNFilter-affected Devices Still Riddled with 19 Vulnerabilities}},
  date         = {2018-07-13},
  organization = {Trend Micro},
  url          = {https://blog.trendmicro.com/trendlabs-security-intelligence/vpnfilter-affected-devices-still-riddled-with-19-vulnerabilities},
  language     = {English},
  urldate      = {2020-01-08},
}
VPNFilter-affected Devices Still Riddled with 19 Vulnerabilities
VPNFilter
2018-04-03 | ESET Research | Peter Kálnai, Anton Cherepanov
% ESET Research (WeLiveSecurity) article; the URL slug reads "killdisk",
% while the recorded title reads "KillDisks".
@online{klnai:20180403:lazarus:14ff18c,
  author       = {Kálnai, Peter and Cherepanov, Anton},
  title        = {{Lazarus KillDisks Central American casino}},
  date         = {2018-04-03},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2018/04/03/lazarus-killdisk-central-american-casino/},
  language     = {English},
  urldate      = {2019-11-14},
}
Lazarus KillDisks Central American casino
KillDisk Lazarus Group
2018-04 | Sophos | Dorka Palotay, Peter Mackenzie
% Sophos paper on SamSam; the date is recorded with month precision only.
% Authors are stored in "Last, First" form.
@online{palotay:201804:samsam:9ca3687,
  author       = {Palotay, Dorka and Mackenzie, Peter},
  title        = {{SamSam Ransomware Chooses Its Targets Carefully}},
  date         = {2018-04},
  organization = {Sophos},
  url          = {https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/samsam-ransomware-chooses-its-targets-carefully-wpna.aspx},
  language     = {English},
  urldate      = {2019-12-20},
}
SamSam Ransomware Chooses Its Targets Carefully
SamSam
2017-09-28 | ESET Research | Peter Kálnai, Michal Poslušný
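% ESET Research (WeLiveSecurity) article on Monero-mining malware.
% Title: both U+2011 NON-BREAKING HYPHEN characters were replaced by ASCII
% "-", because pdflatex/inputenc commonly rejects U+2011 as "not set up for
% use with LaTeX". Authors are stored in "Last, First" form.
@online{klnai:20170928:moneymaking:ac6e685,
  author       = {Kálnai, Peter and Poslušný, Michal},
  title        = {{Money-making machine: Monero-mining malware}},
  date         = {2017-09-28},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2017/09/28/monero-money-mining-malware/},
  language     = {English},
  urldate      = {2019-11-14},
}
Money‑making machine: Monero‑mining malware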
Monero Miner
2017-06-09 | AT&T | Peter Ewane
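% Blog post on MacSpy; the url is on alienvault.com while the organization
% is recorded as AT&T.
% organization: the ampersand is escaped, because a bare "&" in a text field
% is LaTeX's alignment-tab character and breaks typesetting of the entry.
@online{ewane:20170609:macspy:608f090,
  author       = {Ewane, Peter},
  title        = {{MacSpy: OS X Mac RAT as a Service}},
  date         = {2017-06-09},
  organization = {AT\&T},
  url          = {https://www.alienvault.com/blogs/labs-research/macspy-os-x-rat-as-a-service},
  language     = {English},
  urldate      = {2019-12-04},
}
MacSpy: OS X Mac RAT as a Service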
MacSpy
2017-02-16 | ESET Research | Peter Kálnai
% ESET Research (WeLiveSecurity) article on targeted malware used against
% Polish banks. Author is stored in "Last, First" form.
@online{klnai:20170216:demystifying:7ae8785,
  author       = {Kálnai, Peter},
  title        = {{Demystifying targeted malware used against Polish banks}},
  date         = {2017-02-16},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2017/02/16/demystifying-targeted-malware-used-polish-banks/},
  language     = {English},
  urldate      = {2019-11-14},
}
Demystifying targeted malware used against Polish banks
HOTWAX NACHOCHEESE
2017-01-05 | ESET Research | Robert Lipovsky, Peter Kálnai
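% ESET Research (WeLiveSecurity) article on the Linux variant of KillDisk.
% The same article is also listed under key lipovsky:20170105:killdisk:43eba48
% (URL with a trailing slash, earlier urldate); cite one key consistently.
% Title: the dollar sign is escaped, because a bare "$" opens math mode in
% LaTeX and breaks typesetting of the entry.
@online{lipovsky:20170105:killdisk:5d49eac,
  author       = {Lipovsky, Robert and Kálnai, Peter},
  title        = {{KillDisk now targeting Linux: Demands \$250K ransom, but can’t decrypt}},
  date         = {2017-01-05},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2017/01/05/killdisk-now-targeting-linux-demands-250k-ransom-cant-decrypt},
  language     = {English},
  urldate      = {2022-08-25},
}
KillDisk now targeting Linux: Demands $250K ransom, but can’t decrypt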
KillDisk Sandworm
2017-01-05 | ESET Research | Robert Lipovsky, Peter Kálnai
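% ESET Research (WeLiveSecurity) article on the Linux variant of KillDisk.
% The same article is also listed under key lipovsky:20170105:killdisk:5d49eac
% (URL without the trailing slash, later urldate); cite one key consistently.
% Title: the dollar sign is escaped, because a bare "$" opens math mode in
% LaTeX and breaks typesetting of the entry.
@online{lipovsky:20170105:killdisk:43eba48,
  author       = {Lipovsky, Robert and Kálnai, Peter},
  title        = {{KillDisk now targeting Linux: Demands \$250K ransom, but can’t decrypt}},
  date         = {2017-01-05},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2017/01/05/killdisk-now-targeting-linux-demands-250k-ransom-cant-decrypt/},
  language     = {English},
  urldate      = {2019-12-10},
}
KillDisk now targeting Linux: Demands $250K ransom, but can’t decrypt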