Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2020-05-14ESET ResearchPeter Kálnai
@online{klnai:20200514:mikroceen:b259a8c, author = {Peter Kálnai}, title = {{Mikroceen: Spying backdoor leveraged in high‑profile networks in Central Asia}}, date = {2020-05-14}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2020/05/14/mikroceen-spying-backdoor-high-profile-networks-central-asia/}, language = {English}, urldate = {2020-05-14} } Mikroceen: Spying backdoor leveraged in high‑profile networks in Central Asia
BYEBY Microcin
2020-01-31Virus BulletinMichal Poslušný, Peter Kálnai
@online{poslun:20200131:rich:c25f156, author = {Michal Poslušný and Peter Kálnai}, title = {{Rich Headers: leveraging this mysterious artifact of the PE format}}, date = {2020-01-31}, organization = {Virus Bulletin}, url = {https://www.virusbulletin.com/virusbulletin/2020/01/vb2019-paper-rich-headers-leveraging-mysterious-artifact-pe-format/}, language = {English}, urldate = {2020-02-03} } Rich Headers: leveraging this mysterious artifact of the PE format
Dridex Exaramel Industroyer Neutrino RCS Sathurbot
2018-12-10BotconfJakub Souček, Jakub Tomanek, Peter Kálnai
@online{souek:20181210:collecting:fe52669, author = {Jakub Souček and Jakub Tomanek and Peter Kálnai}, title = {{Collecting Malicious Particles from Neutrino Botnets}}, date = {2018-12-10}, organization = {Botconf}, url = {https://journal.cecyf.fr/ojs/index.php/cybin/article/view/22}, language = {English}, urldate = {2020-01-13} } Collecting Malicious Particles from Neutrino Botnets
Neutrino
2018-10-03Virus BulletinPeter Kálnai, Michal Poslušný
@techreport{klnai:20181003:lazarus:bebf0ad, author = {Peter Kálnai and Michal Poslušný}, title = {{LAZARUS GROUP: A MAHJONG GAME PLAYED WITH DIFFERENT SETS OF TILES}}, date = {2018-10-03}, institution = {Virus Bulletin}, url = {https://www.virusbulletin.com/uploads/pdf/magazine/2018/VB2018-Kalnai-Poslusny.pdf}, language = {English}, urldate = {2020-01-06} } LAZARUS GROUP: A MAHJONG GAME PLAYED WITH DIFFERENT SETS OF TILES
HOTWAX
2018-04-03ESET ResearchPeter Kálnai, Anton Cherepanov
@online{klnai:20180403:lazarus:14ff18c, author = {Peter Kálnai and Anton Cherepanov}, title = {{Lazarus KillDisks Central American casino}}, date = {2018-04-03}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2018/04/03/lazarus-killdisk-central-american-casino/}, language = {English}, urldate = {2019-11-14} } Lazarus KillDisks Central American casino
KillDisk Lazarus Group
2017-09-28ESET ResearchPeter Kálnai, Michal Poslušný
@online{klnai:20170928:moneymaking:ac6e685, author = {Peter Kálnai and Michal Poslušný}, title = {{Money‑making machine: Monero‑mining malware}}, date = {2017-09-28}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2017/09/28/monero-money-mining-malware/}, language = {English}, urldate = {2019-11-14} } Money‑making machine: Monero‑mining malware
Monero Miner
2017-02-16ESET ResearchPeter Kálnai
@online{klnai:20170216:demystifying:7ae8785, author = {Peter Kálnai}, title = {{Demystifying targeted malware used against Polish banks}}, date = {2017-02-16}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2017/02/16/demystifying-targeted-malware-used-polish-banks/}, language = {English}, urldate = {2019-11-14} } Demystifying targeted malware used against Polish banks
HOTWAX NACHOCHEESE
2017-01-05ESET ResearchRobert Lipovsky, Peter Kálnai
@online{lipovsky:20170105:killdisk:43eba48, author = {Robert Lipovsky and Peter Kálnai}, title = {{KillDisk now targeting Linux: Demands $250K ransom, but can’t decrypt}}, date = {2017-01-05}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2017/01/05/killdisk-now-targeting-linux-demands-250k-ransom-cant-decrypt/}, language = {English}, urldate = {2019-12-10} } KillDisk now targeting Linux: Demands $250K ransom, but can’t decrypt
TeleBots
2016-12-20ESET ResearchPeter Kálnai, Michal Malík
@online{klnai:20161220:new:4044e88, author = {Peter Kálnai and Michal Malík}, title = {{New Linux/Rakos threat: devices and servers under SSH scan (again)}}, date = {2016-12-20}, organization = {ESET Research}, url = {http://www.welivesecurity.com/2016/12/20/new-linuxrakos-threat-devices-servers-ssh-scan/}, language = {English}, urldate = {2019-12-20} } New Linux/Rakos threat: devices and servers under SSH scan (again)
Rakos
2016-12-20ESET ResearchPeter Kálnai, Michal Malík
@online{klnai:20161220:new:05597b1, author = {Peter Kálnai and Michal Malík}, title = {{New Linux/Rakos threat: devices and servers under SSH scan (again)}}, date = {2016-12-20}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2016/12/20/new-linuxrakos-threat-devices-servers-ssh-scan/}, language = {English}, urldate = {2019-11-14} } New Linux/Rakos threat: devices and servers under SSH scan (again)
2016-01-01Virus BulletinPeter Kálnai, Jaromír Hořejší
@online{klnai:20160101:notes:100f4d8, author = {Peter Kálnai and Jaromír Hořejší}, title = {{Notes on click fraud: American story}}, date = {2016-01-01}, organization = {Virus Bulletin}, url = {https://www.virusbulletin.com/virusbulletin/2016/01/paper-notes-click-fraud-american-story/}, language = {English}, urldate = {2020-03-04} } Notes on click fraud: American story
Alureon ZeroAccess
2015-09Virus BulletinPeter Kálnai, Jaromír Hořejší
@techreport{klnai:201509:ddos:21c35c6, author = {Peter Kálnai and Jaromír Hořejší}, title = {{DDOS TROJAN: A MALICIOUS CONCEPT THAT CONQUERED THE ELF FORMAT}}, date = {2015-09}, institution = {Virus Bulletin}, url = {https://www.virusbulletin.com/uploads/pdf/conference/vb2015/KalnaiHorejsi-VB2015.pdf}, language = {English}, urldate = {2020-01-08} } DDOS TROJAN: A MALICIOUS CONCEPT THAT CONQUERED THE ELF FORMAT
XOR DDoS
2015-01-06AvastPeter Kálnai
@online{klnai:20150106:linux:d8e30ec, author = {Peter Kálnai}, title = {{Linux DDoS Trojan hiding itself with an embedded rootkit}}, date = {2015-01-06}, organization = {Avast}, url = {https://blog.avast.com/2015/01/06/linux-ddos-trojan-hiding-itself-with-an-embedded-rootkit/}, language = {English}, urldate = {2020-02-25} } Linux DDoS Trojan hiding itself with an embedded rootkit
XOR DDoS
2013-10-29RSA ConferencePeter Kálnai, Jaromír Hořejší
@techreport{klnai:20131029:dissecting:30488b5, author = {Peter Kálnai and Jaromír Hořejší}, title = {{Dissecting Banking Trojan Carberp}}, date = {2013-10-29}, institution = {RSA Conference}, url = {https://web.archive.org/web/20150713145858/http://www.rsaconference.com/writable/presentations/file_upload/ht-t06-dissecting-banking-trojan-carberp_copy1.pdf}, language = {English}, urldate = {2020-02-27} } Dissecting Banking Trojan Carberp
Carberp
2013-09-25AvastPeter Kálnai
@online{klnai:20130925:win3264napolar:4f16ddc, author = {Peter Kálnai}, title = {{Win32/64:Napolar: New Trojan shines on the cyber crime-scene}}, date = {2013-09-25}, organization = {Avast}, url = {https://blog.avast.com/2013/09/25/win3264napolar-new-trojan-shines-on-the-cyber-crime-scene/}, language = {English}, urldate = {2020-02-26} } Win32/64:Napolar: New Trojan shines on the cyber crime-scene
Solarbot
2013-08-27AvastPeter Kálnai
@online{klnai:20130827:linux:02c05c7, author = {Peter Kálnai}, title = {{Linux Trojan “Hand of Thief” ungloved}}, date = {2013-08-27}, organization = {Avast}, url = {https://blog.avast.com/2013/08/27/linux-trojan-hand-of-thief-ungloved/}, language = {English}, urldate = {2020-03-02} } Linux Trojan “Hand of Thief” ungloved
Hand of Thief
2013-07-22AvastPeter Kálnai
@online{klnai:20130722:multisystem:907e0a4, author = {Peter Kálnai}, title = {{Multisystem Trojan Janicab attacks Windows and MacOSX via scripts}}, date = {2013-07-22}, organization = {Avast}, url = {https://blog.avast.com/2013/07/22/multisystem-trojan-janicab-attacks-windows-and-macosx-via-scripts/}, language = {English}, urldate = {2020-05-20} } Multisystem Trojan Janicab attacks Windows and MacOSX via scripts
Janicab
2013-04-08AvastPeter Kálnai
@online{klnai:20130408:banking:20bce4c, author = {Peter Kálnai}, title = {{Banking Trojan Carberp: An Epitaph?}}, date = {2013-04-08}, organization = {Avast}, url = {https://blog.avast.com/2013/04/08/carberp_epitaph/}, language = {English}, urldate = {2020-02-25} } Banking Trojan Carberp: An Epitaph?
Carberp