2021-09-20 | Avast Decoded | Anh ho
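@online{ho:20210920:blustealer:9beaf4b,
  author       = {ho, Anh},
  title        = {{BluStealer}: from {SpyEx} to {ThunderFox}},
  date         = {2021-09-20},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/anhho/blustealer/},
  language     = {English},
  urldate      = {2021-09-22},
}
BluStealer: from SpyEx to ThunderFox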
BluStealer
2021-09-17 | Avast | Martin Chlumecký
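@online{chlumeck:20210917:dirtymoe:d684802,
  author       = {Chlumecký, Martin},
  title        = {{DirtyMoe}: Code Signing Certificate},
  date         = {2021-09-17},
  organization = {Avast},
  url          = {https://decoded.avast.io/martinchlumecky/dirtymoe-3/},
  language     = {English},
  urldate      = {2021-09-20},
}
DirtyMoe: Code Signing Certificate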
DirtyMoe
2021-08-11 | Avast Decoded | Martin Chlumecký
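@online{chlumeck:20210811:dirtymoe:4cb640e,
  author       = {Chlumecký, Martin},
  title        = {{DirtyMoe}: Rootkit Driver},
  date         = {2021-08-11},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/martinchlumecky/dirtymoe-rootkit-driver/},
  language     = {English},
  urldate      = {2021-09-20},
}
DirtyMoe: Rootkit Driver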
DirtyMoe
2021-07-29 | Avast | Jan Vojtěšek
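@online{vojtek:20210729:magnitude:3c9e478,
  author       = {Vojtěšek, Jan},
  title        = {{Magnitude} Exploit Kit: Still Alive and Kicking},
  date         = {2021-07-29},
  organization = {Avast},
  url          = {https://decoded.avast.io/janvojtesek/magnitude-exploit-kit-still-alive-and-kicking/},
  language     = {English},
  urldate      = {2021-08-03},
}
Magnitude Exploit Kit: Still Alive and Kicking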
Magniber
2021-07-08 | Avast Decoded | Threat Intelligence Team
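% Corporate author: the inner braces keep the team name as one indivisible
% name instead of being split into given names "Threat Intelligence" and
% family name "Team".
@online{team:20210708:decoding:04acb98,
  author       = {{Threat Intelligence Team}},
  title        = {Decoding {Cobalt Strike}: Understanding Payloads},
  date         = {2021-07-08},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/threatintel/decoding-cobalt-strike-understanding-payloads/},
  language     = {English},
  urldate      = {2021-07-08},
}
Decoding Cobalt Strike: Understanding Payloads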
Cobalt Strike Empire Downloader
2021-07-01 | Avast Decoded | Luigino Camastra, Igor Morgenstern, Jan Vojtěšek
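@online{camastra:20210701:backdoored:6f26c16,
  author       = {Camastra, Luigino and Morgenstern, Igor and Vojtěšek, Jan},
  title        = {Backdoored Client from {Mongolian} {CA} {MonPass}},
  date         = {2021-07-01},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/luigicamastra/backdoored-client-from-mongolian-ca-monpass/},
  language     = {English},
  urldate      = {2021-07-02},
}
Backdoored Client from Mongolian CA MonPass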
Cobalt Strike
2021-06-24 | Avast | Daniel Beneš
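@online{bene:20210624:crackonosh:ce54a93,
  author       = {Beneš, Daniel},
  title        = {{Crackonosh}: A New Malware Distributed in Cracked Software},
  date         = {2021-06-24},
  organization = {Avast},
  url          = {https://decoded.avast.io/danielbenes/crackonosh-a-new-malware-distributed-in-cracked-software/},
  language     = {English},
  urldate      = {2021-06-29},
}
Crackonosh: A New Malware Distributed in Cracked Software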
2021-06-16 | Avast Decoded | Martin Chlumecký
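@online{chlumeck:20210616:dirtymoe:9e1065a,
  author       = {Chlumecký, Martin},
  title        = {{DirtyMoe}: Introduction and General Overview of Modularized Malware},
  date         = {2021-06-16},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/martinchlumecky/dirtymoe-1/},
  language     = {English},
  urldate      = {2021-09-20},
}
DirtyMoe: Introduction and General Overview of Modularized Malware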
DirtyMoe
2021-05-19 | Avast Decoded | David Zimmer
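@online{zimmer:20210519:binary:1fda440,
  author       = {Zimmer, David},
  title        = {Binary Reuse of {VB6} {P-Code} Functions},
  date         = {2021-05-19},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/davidzimmer/reusing-vb6-p-code-functions/},
  language     = {English},
  urldate      = {2021-05-26},
}
Binary Reuse of VB6 P-Code Functions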
2021-05-12 | Avast Decoded | David Zimmer
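@online{zimmer:20210512:writing:f056e19,
  author       = {Zimmer, David},
  title        = {Writing a {VB6} {P-Code} Debugger},
  date         = {2021-05-12},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/davidzimmer/writing-a-vb6-p-code-debugger/},
  language     = {English},
  urldate      = {2021-05-26},
}
Writing a VB6 P-Code Debugger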
2021-05-05 | Avast Decoded | David Zimmer
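@online{zimmer:20210505:vb6:c12dd45,
  author       = {Zimmer, David},
  title        = {{VB6} {P-Code} Disassembly},
  date         = {2021-05-05},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/davidzimmer/vb6-p-code-disassembly/},
  language     = {English},
  urldate      = {2021-05-26},
}
VB6 P-Code Disassembly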
2021-04-28 | Avast Decoded | David Zimmer
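@online{zimmer:20210428:vb6:a8bfd2e,
  author       = {Zimmer, David},
  title        = {{VB6} {P-Code} Obfuscation},
  date         = {2021-04-28},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/davidzimmer/vb6-p-code-obfuscation/},
  language     = {English},
  urldate      = {2021-05-26},
}
VB6 P-Code Obfuscation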
2021-04-22 | Avast Decoded | David Zimmer
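@online{zimmer:20210422:binary:ec29b94,
  author       = {Zimmer, David},
  title        = {Binary Data Hiding in {VB6} Executables},
  date         = {2021-04-22},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/davidzimmer/binary-data-hiding-in-vb6-executables/},
  language     = {English},
  urldate      = {2021-04-29},
}
Binary Data Hiding in VB6 Executables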
2021-04-15 | Avast Decoded | Romana Tesařová
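@online{tesaov:20210415:hackboss:18b3c2e,
  author       = {Tesařová, Romana},
  title        = {{HackBoss}: A cryptocurrency-stealing malware distributed through {Telegram}},
  date         = {2021-04-15},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/romanalinkeova/hackboss-a-cryptocurrency-stealing-malware-distributed-through-telegram/},
  language     = {English},
  urldate      = {2021-04-16},
}
HackBoss: A cryptocurrency-stealing malware distributed through Telegram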
2021-03-17 | Avast Decoded | Jakub Kaloč
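@online{kalo:20210317:hidden:7757b8d,
  author       = {Kaloč, Jakub},
  title        = {Hidden menace: Peeling back the secrets of {OnionCrypter}},
  date         = {2021-03-17},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/jakubkaloc/onion-crypter/},
  language     = {English},
  urldate      = {2021-03-19},
}
Hidden menace: Peeling back the secrets of OnionCrypter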
2021-02-22 | Avast Decoded | Anh ho
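@online{ho:20210222:masslogger:632f622,
  author       = {ho, Anh},
  title        = {{MassLogger} v3: a {.NET} stealer with serious obfuscation},
  date         = {2021-02-22},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/anhho/masslogger-v3-a-net-stealer-with-serious-obfuscation/},
  language     = {English},
  urldate      = {2021-02-25},
}
MassLogger v3: a .NET stealer with serious obfuscation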
MASS Logger
2021-02-03 | Avast Decoded | Jan Vojtěšek, Jan Rubín
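@online{vojtek:20210203:backdoored:21906b8,
  author       = {Vojtěšek, Jan and Rubín, Jan},
  title        = {Backdoored Browser Extensions Hid Malicious Traffic in Analytics Requests},
  date         = {2021-02-03},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/janvojtesek/backdoored-browser-extensions-hid-malicious-traffic-in-analytics-requests/},
  language     = {English},
  urldate      = {2021-02-04},
}
Backdoored Browser Extensions Hid Malicious Traffic in Analytics Requests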
2020-12-09 | Avast Decoded | Luigino Camastra, Igor Morgenstern
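@online{camastra:20201209:targeting:952844f,
  author       = {Camastra, Luigino and Morgenstern, Igor},
  title        = {{APT} Group Targeting Governmental Agencies in {East Asia}},
  date         = {2020-12-09},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/luigicamastra/apt-group-targeting-governmental-agencies-in-east-asia/},
  language     = {English},
  urldate      = {2021-01-27},
}
APT Group Targeting Governmental Agencies in East Asia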
Albaniiutas HyperBro PlugX Tmanger
2020-10-27 | Avast | Lisandro Ubiedo
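@online{ubiedo:20201027:data:285fc7a,
  author       = {Ubiedo, Lisandro},
  title        = {Data exfiltration via {IPv6}},
  date         = {2020-10-27},
  organization = {Avast},
  url          = {https://blog.avast.com/data-exfiltration-via-ipv6-avast},
  language     = {English},
  urldate      = {2020-11-02},
}
Data exfiltration via IPv6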
2020-10-14 | Avast Decoded | Jan Vojtěšek
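@online{vojtek:20201014:fakembam:abce405,
  author       = {Vojtěšek, Jan},
  title        = {{FakeMBAM}: Backdoor Delivered Through Software Updates},
  date         = {2020-10-14},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/},
  language     = {English},
  urldate      = {2020-10-23},
}
FakeMBAM: Backdoor Delivered Through Software Updates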