2022-12-02 | Avast Decoded | Threat Intelligence Team
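% Avast Decoded post. The byline is a team, so it is double-braced to be read as one
% corporate name instead of being split into given and family parts. Only the group
% name in the title is case-protected; the style decides the casing of the rest.
@online{team:20221202:hitching:0cb7557,
  author       = {{Threat Intelligence Team}},
  title        = {Hitching a ride with {Mustang Panda}},
  date         = {2022-12-02},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/threatintel/apt-treasure-trove-avast-suspects-chinese-apt-group-mustang-panda-is-collecting-data-from-burmese-government-agencies-and-opposition-groups/},
  language     = {English},
  urldate      = {2022-12-02},
}
Hitching a ride with Mustang Panda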
PlugX
2022-11-21 | Avast Decoded | Jan Rubín
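% Personal author in "family, given" form. The two malware names keep their mixed
% case through braces; the whole-title double brace is dropped.
@online{rubn:20221121:vipersoftx:339e815,
  author       = {Rubín, Jan},
  title        = {{ViperSoftX}: Hiding in System Logs and Spreading {VenomSoftX}},
  date         = {2022-11-21},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/janrubin/vipersoftx-hiding-in-system-logs-and-spreading-venomsoftx/},
  language     = {English},
  urldate      = {2022-11-25},
}
ViperSoftX: Hiding in System Logs and Spreading VenomSoftX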
ViperSoftX
2022-07-21 | Avast Decoded | Jan Vojtěšek
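% Author in "family, given" form. Proper nouns in the title are braced so a
% sentence-casing style cannot lower-case them.
@online{vojtek:20220721:return:0ad0bec,
  author       = {Vojtěšek, Jan},
  title        = {The Return of {Candiru}: Zero-days in the {Middle East}},
  date         = {2022-07-21},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/janvojtesek/the-return-of-candiru-zero-days-in-the-middle-east/},
  language     = {English},
  urldate      = {2022-07-28},
}
The Return of Candiru: Zero-days in the Middle East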
2022-06-13 | Avast Decoded | Jan Neduchal, David Álvarez
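% Two authors joined by "and", each in "family, given" form. Linux and the quoted
% rootkit name are case-protected; the curly quotes need a UTF-8 aware backend.
@online{neduchal:20220613:linux:67027a5,
  author       = {Neduchal, Jan and Álvarez, David},
  title        = {{Linux} Threat Hunting: ‘{Syslogk}’ a kernel rootkit found under development in the wild},
  date         = {2022-06-13},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/davidalvarez/linux-threat-hunting-syslogk-a-kernel-rootkit-found-under-development-in-the-wild/},
  language     = {English},
  urldate      = {2022-06-15},
}
Linux Threat Hunting: ‘Syslogk’ a kernel rootkit found under development in the wild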
Rekoobe
2022-06-03 | Avast Decoded | Threat Intelligence Team
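% Team byline double-braced as a single corporate name. Follina and Australia are
% the only words that need case protection in the title.
@online{team:20220603:outbreak:f121601,
  author       = {{Threat Intelligence Team}},
  title        = {Outbreak of {Follina} in {Australia}},
  date         = {2022-06-03},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/threatintel/outbreak-of-follina-in-australia},
  language     = {English},
  urldate      = {2022-08-30},
}
Outbreak of Follina in Australia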
AsyncRAT APT40
2022-04-21 | Avast Decoded | Daniel Beneš
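% Author in "family, given" form. The malware name is braced; the whole-title
% double brace is removed so styles can apply their own casing.
@online{bene:20220421:warez:b31715c,
  author       = {Beneš, Daniel},
  title        = {Warez users fell for {Certishell}},
  date         = {2022-04-21},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/danielbenes/warez-users-fell-for-certishell/},
  language     = {English},
  urldate      = {2022-04-29},
}
Warez users fell for Certishell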
2022-04-14 | Avast Decoded | Vladimir Martyanov
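% Author in "family, given" form. Zloader and Silent Night are braced as names;
% the remaining title words are left to the bibliography style.
@online{martyanov:20220414:zloader:23c520a,
  author       = {Martyanov, Vladimir},
  title        = {{Zloader} 2: The {Silent Night}},
  date         = {2022-04-14},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/vladimirmartyanov/zloader-the-silent-night/},
  language     = {English},
  urldate      = {2022-04-15},
}
Zloader 2: The Silent Night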
ISFB Raccoon Zloader
2022-04-07 | Avast Decoded | Pavel Novák, Jan Rubín
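% Two authors in "family, given" form. Parrot TDS is braced as one unit so the
% acronym and the name both keep their case.
@online{novk:20220407:parrot:9c74f9b,
  author       = {Novák, Pavel and Rubín, Jan},
  title        = {{Parrot TDS} takes over web servers and threatens millions},
  date         = {2022-04-07},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/janrubin/parrot-tds-takes-over-web-servers-and-threatens-millions/},
  language     = {English},
  urldate      = {2022-04-08},
}
Parrot TDS takes over web servers and threatens millions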
FAKEUPDATES Parrot TDS Parrot TDS WebShell NetSupportManager RAT
2022-03-22 | Avast Decoded | Luigino Camastra, Igor Morgenstern, Jan Holman
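% Three authors in "family, given" form. The operation name and the APT acronym
% are case-protected in the title.
@online{camastra:20220322:operation:05d8831,
  author       = {Camastra, Luigino and Morgenstern, Igor and Holman, Jan},
  title        = {Operation {Dragon Castling}: {APT} group targeting betting companies},
  date         = {2022-03-22},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/luigicamastra/operation-dragon-castling-apt-group-targeting-betting-companies},
  language     = {English},
  urldate      = {2022-08-26},
}
Operation Dragon Castling: APT group targeting betting companies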
FormerFirstRAT MulCom TianWu
2022-03-03 | Avast Decoded | Threat Research Team
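% Team byline double-braced as a single corporate name. Ukraine and the ransomware
% name are the case-sensitive words in the title.
@online{team:20220303:help:d086921,
  author       = {{Threat Research Team}},
  title        = {Help for {Ukraine}: Free decryptor for {HermeticRansom} ransomware},
  date         = {2022-03-03},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/threatresearch/help-for-ukraine-free-decryptor-for-hermeticransom-ransomware/},
  language     = {English},
  urldate      = {2022-03-03},
}
Help for Ukraine: Free decryptor for HermeticRansom ransomware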
PartyTicket
2022-02-07 | Avast Decoded | Avast Threat Research Team
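% Team byline double-braced as a single corporate name, spelled as the page gives it.
% The ransomware name keeps its mixed case through braces.
@online{team:20220207:decrypted:f204a1f,
  author       = {{Avast Threat Research Team}},
  title        = {Decrypted: {TargetCompany} Ransomware},
  date         = {2022-02-07},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/threatresearch/decrypted-targetcompany-ransomware/},
  language     = {English},
  urldate      = {2022-02-10},
}
Decrypted: TargetCompany Ransomware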
TargetCompany
2021-10-27 | Avast Decoded | Avast
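% Company byline marked as a corporate author with double braces. The vendor name
% and both ransomware names are case-protected in the title.
@online{avast:20211027:avast:6b44ea1,
  author       = {{Avast}},
  title        = {{Avast} releases decryptor for {AtomSilo} and {LockFile} ransomware},
  date         = {2021-10-27},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/threatintel/decryptor-for-atomsilo-and-lockfile-ransomware/},
  language     = {English},
  urldate      = {2021-11-08},
}
Avast releases decryptor for AtomSilo and LockFile ransomware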
ATOMSILO LockFile
2021-09-20 | Avast Decoded | Anh ho
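% Author in "family, given" form, spelled exactly as the page prints it.
% NOTE(review): the family name appears in lower case on the page; confirm the
% capitalisation against the article byline before publishing a bibliography.
% The three tool names in the title keep their mixed case through braces.
@online{ho:20210920:blustealer:9beaf4b,
  author       = {ho, Anh},
  title        = {{BluStealer}: from {SpyEx} to {ThunderFox}},
  date         = {2021-09-20},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/anhho/blustealer/},
  language     = {English},
  urldate      = {2021-09-22},
}
BluStealer: from SpyEx to ThunderFox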
BluStealer
2021-08-11 | Avast Decoded | Martin Chlumecký
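% Author in "family, given" form. Only the malware name needs case protection;
% the whole-title double brace is dropped.
@online{chlumeck:20210811:dirtymoe:4cb640e,
  author       = {Chlumecký, Martin},
  title        = {{DirtyMoe}: Rootkit Driver},
  date         = {2021-08-11},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/martinchlumecky/dirtymoe-rootkit-driver/},
  language     = {English},
  urldate      = {2021-09-20},
}
DirtyMoe: Rootkit Driver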
DirtyMoe
2021-07-08 | Avast Decoded | Threat Intelligence Team
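% Team byline double-braced as a single corporate name. The product name in the
% title is braced as one unit.
@online{team:20210708:decoding:04acb98,
  author       = {{Threat Intelligence Team}},
  title        = {Decoding {Cobalt Strike}: Understanding Payloads},
  date         = {2021-07-08},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/threatintel/decoding-cobalt-strike-understanding-payloads/},
  language     = {English},
  urldate      = {2021-07-08},
}
Decoding Cobalt Strike: Understanding Payloads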
Cobalt Strike Empire Downloader
2021-07-01 | Avast Decoded | Luigino Camastra, Igor Morgenstern, Jan Vojtěšek
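% Same article as entry camastra:20210701:backdoored:6f26c16: identical authors,
% title and date, and the URLs differ only by a trailing slash. The listing files
% the two keys under different tags (this one: Earth Lusca), so both are kept.
% Cite only one of them in a document, or the work appears twice in the bibliography.
@online{camastra:20210701:backdoored:4fce28c,
  author       = {Camastra, Luigino and Morgenstern, Igor and Vojtěšek, Jan},
  title        = {Backdoored Client from {Mongolian} {CA} {MonPass}},
  date         = {2021-07-01},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/luigicamastra/backdoored-client-from-mongolian-ca-monpass},
  language     = {English},
  urldate      = {2022-07-29},
}
Backdoored Client from Mongolian CA MonPass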
Cobalt Strike Earth Lusca
2021-07-01 | Avast Decoded | Luigino Camastra, Igor Morgenstern, Jan Vojtěšek
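% Same article as entry camastra:20210701:backdoored:4fce28c: identical authors,
% title and date, and the URLs differ only by a trailing slash. The listing files
% the two keys under different tags (this one: FishMaster), so both are kept.
% Cite only one of them in a document, or the work appears twice in the bibliography.
@online{camastra:20210701:backdoored:6f26c16,
  author       = {Camastra, Luigino and Morgenstern, Igor and Vojtěšek, Jan},
  title        = {Backdoored Client from {Mongolian} {CA} {MonPass}},
  date         = {2021-07-01},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/luigicamastra/backdoored-client-from-mongolian-ca-monpass/},
  language     = {English},
  urldate      = {2022-07-25},
}
Backdoored Client from Mongolian CA MonPass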
Cobalt Strike FishMaster
2021-06-16 | Avast Decoded | Martin Chlumecký
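% Author in "family, given" form. The malware name is braced; the rest of the
% title is already in title case and is left for the style to recase if needed.
@online{chlumeck:20210616:dirtymoe:9e1065a,
  author       = {Chlumecký, Martin},
  title        = {{DirtyMoe}: Introduction and General Overview of Modularized Malware},
  date         = {2021-06-16},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/martinchlumecky/dirtymoe-1/},
  language     = {English},
  urldate      = {2021-09-20},
}
DirtyMoe: Introduction and General Overview of Modularized Malware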
DirtyMoe
2021-05-19 | Avast Decoded | David Zimmer
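% Author in "family, given" form. VB6 and P-Code are braced so the acronym and the
% hyphenated term keep their capitals under a sentence-casing style.
@online{zimmer:20210519:binary:1fda440,
  author       = {Zimmer, David},
  title        = {Binary Reuse of {VB6} {P-Code} Functions},
  date         = {2021-05-19},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/davidzimmer/reusing-vb6-p-code-functions/},
  language     = {English},
  urldate      = {2021-05-26},
}
Binary Reuse of VB6 P-Code Functions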
2021-05-12 | Avast Decoded | David Zimmer
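% Author in "family, given" form. VB6 and P-Code are case-protected; the
% whole-title double brace is removed.
@online{zimmer:20210512:writing:f056e19,
  author       = {Zimmer, David},
  title        = {Writing a {VB6} {P-Code} Debugger},
  date         = {2021-05-12},
  organization = {Avast Decoded},
  url          = {https://decoded.avast.io/davidzimmer/writing-a-vb6-p-code-debugger/},
  language     = {English},
  urldate      = {2021-05-26},
}
Writing a VB6 P-Code Debugger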