2022-06-04 | kienmanowar Blog | m4n0w4r, Tran Trung Kien
@online{m4n0w4r:20220604:quicknote:dc79142,
  author       = {m4n0w4r and Tran Trung Kien},
  title        = {{[QuickNote] CobaltStrike SMB Beacon Analysis}},
  date         = {2022-06-04},
  organization = {kienmanowar Blog},
  url          = {https://kienmanowar.wordpress.com/2022/06/04/quicknote-cobaltstrike-smb-beacon-analysis-2/},
  language     = {English},
  urldate      = {2022-06-07},
}
[QuickNote] CobaltStrike SMB Beacon Analysis
Cobalt Strike
2022-05-20 | VinCSS | m4n0w4r, Tran Trung Kien, Dang Dinh Phuong
@online{m4n0w4r:20220520:re027:38348db,
  author       = {m4n0w4r and Tran Trung Kien and Dang Dinh Phuong},
  title        = {{[RE027] China-based APT Mustang Panda might have still continued their attack activities against organizations in Vietnam}},
  date         = {2022-05-20},
  organization = {VinCSS},
  url          = {https://blog.vincss.net/2022/05/re027-china-based-apt-mustang-panda-might-have-still-continued-their-attack-activities-against-organizations-in-Vietnam.html},
  language     = {English},
  urldate      = {2022-05-20},
}
[RE027] China-based APT Mustang Panda might have still continued their attack activities against organizations in Vietnam
PlugX
2022-04-25 | VinCSS | m4n0w4r, Tran Trung Kien
@online{m4n0w4r:20220425:re026:6e05ed2,
  author       = {m4n0w4r and Tran Trung Kien},
  title        = {{[RE026] A Deep Dive into Zloader - the Silent Night}},
  date         = {2022-04-25},
  organization = {VinCSS},
  url          = {https://blog.vincss.net/2022/04/re026-a-deep-dive-into-zloader-the-silent-night.html},
  language     = {English},
  urldate      = {2022-04-25},
}
[RE026] A Deep Dive into Zloader - the Silent Night
Zloader
2022-03-21 | VinCSS | Tran Trung Kien, m4n0w4r
@online{kien:20220321:quicknote:4be36f8,
  author       = {Tran Trung Kien and m4n0w4r},
  title        = {{[QuickNote] Analysis of Pandora ransomware}},
  date         = {2022-03-21},
  organization = {VinCSS},
  url          = {https://kienmanowar.wordpress.com/2022/03/21/quicknote-analysis-of-pandora-ransomware/},
  language     = {English},
  urldate      = {2022-03-22},
}
[QuickNote] Analysis of Pandora ransomware
Pandora
2022-02-24 | kienmanowar Blog | m4n0w4r, Tran Trung Kien
@online{m4n0w4r:20220224:quicknote:bea9238,
  author       = {m4n0w4r and Tran Trung Kien},
  title        = {{[QuickNote] Techniques for decrypting BazarLoader strings}},
  date         = {2022-02-24},
  organization = {kienmanowar Blog},
  url          = {https://kienmanowar.wordpress.com/2022/02/24/quicknote-techniques-for-decrypting-bazarloader-strings/},
  language     = {English},
  urldate      = {2022-03-01},
}
[QuickNote] Techniques for decrypting BazarLoader strings
BazarBackdoor
2022-01-26 | VinCSS | m4n0w4r, Tran Trung Kien
@online{m4n0w4r:20220126:quicknote:caae223,
  author       = {m4n0w4r and Tran Trung Kien},
  title        = {{[QuickNote] Analysis of malware suspected to be an APT attack targeting Vietnam}},
  date         = {2022-01-26},
  organization = {VinCSS},
  url          = {https://kienmanowar.wordpress.com/2022/01/26/quicknote-analysis-of-malware-suspected-to-be-an-apt-attack-targeting-vietnam/},
  language     = {English},
  urldate      = {2022-01-28},
}
[QuickNote] Analysis of malware suspected to be an APT attack targeting Vietnam
Unidentified 089 (Downloader)
2022-01-23 | kienmanowar Blog | m4n0w4r, Tran Trung Kien
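% The ampersand in the title is escaped as \& so LaTeX does not read it as an
% alignment tab when the bibliography is typeset; the url field is left verbatim.
@online{m4n0w4r:20220123:quicknote:852995b,
  author       = {m4n0w4r and Tran Trung Kien},
  title        = {{[QuickNote] Emotet epoch4 \& epoch5 tactics}},
  date         = {2022-01-23},
  organization = {kienmanowar Blog},
  url          = {https://kienmanowar.wordpress.com/2022/01/23/quicknote-emotet-epoch4-epoch5-tactics/},
  language     = {English},
  urldate      = {2022-01-25},
}
[QuickNote] Emotet epoch4 & epoch5 tactics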
Emotet
2021-11-16 | Twitter (@kienbigmummy) | m4n0w4r
@online{m4n0w4r:20211116:short:97d45fa,
  author       = {m4n0w4r},
  title        = {{Tweet on short analysis of QakBot}},
  date         = {2021-11-16},
  organization = {Twitter (@kienbigmummy)},
  url          = {https://twitter.com/kienbigmummy/status/1460537501676802051},
  language     = {English},
  urldate      = {2021-11-19},
}
Tweet on short analysis of QakBot
QakBot
2021-10-27 | VinCSS | m4n0w4r, Tran Trung Kien
@online{m4n0w4r:20211027:re025:52c8a55,
  author       = {m4n0w4r and Tran Trung Kien},
  title        = {{[RE025] TrickBot ... many tricks}},
  date         = {2021-10-27},
  organization = {VinCSS},
  url          = {https://blog.vincss.net/2021/10/re025-trickbot-many-tricks.html},
  language     = {English},
  urldate      = {2021-11-02},
}
[RE025] TrickBot ... many tricks
TrickBot
2021-09-06 | kienmanowar Blog | m4n0w4r
@online{m4n0w4r:20210906:quick:0a892b2,
  author       = {m4n0w4r},
  title        = {{Quick analysis CobaltStrike loader and shellcode}},
  date         = {2021-09-06},
  organization = {kienmanowar Blog},
  url          = {https://kienmanowar.wordpress.com/2021/09/06/quick-analysis-cobaltstrike-loader-and-shellcode/},
  language     = {English},
  urldate      = {2021-09-10},
}
Quick analysis CobaltStrike loader and shellcode
Cobalt Strike
2021-08-04 | kienmanowar Blog | m4n0w4r, Tran Trung Kien
@online{m4n0w4r:20210804:quicknote:791df11,
  author       = {m4n0w4r and Tran Trung Kien},
  title        = {{[QuickNote] MountLocker – Some pseudo-code snippets}},
  date         = {2021-08-04},
  organization = {kienmanowar Blog},
  url          = {https://kienmanowar.wordpress.com/2021/08/04/quicknote-mountlocker-some-pseudo-code-snippets/},
  language     = {English},
  urldate      = {2021-09-09},
}
[QuickNote] MountLocker – Some pseudo-code snippets
Mount Locker
2021-05-24 | VinCSS | m4n0w4r, Trương Quốc Ngân
@online{m4n0w4r:20210524:re022:97829ca,
  author       = {m4n0w4r and Trương Quốc Ngân},
  title        = {{[RE022] Part 1: Quick analysis of malicious sample forging the official dispatch of the Central Inspection Committee}},
  date         = {2021-05-24},
  organization = {VinCSS},
  url          = {https://blog.vincss.net/2021/05/re022-part1-quick-analysis-of-malicious-sample-forging-the-official-dispach-of-the-Central-Inspection-Committee.html},
  language     = {English},
  urldate      = {2021-06-04},
}
[RE022] Part 1: Quick analysis of malicious sample forging the official dispatch of the Central Inspection Committee
2021-05-11 | kienmanowar Blog | m4n0w4r
@online{m4n0w4r:20210511:quick:34539c5,
  author       = {m4n0w4r},
  title        = {{Quick analysis note about DealPly (Adware)}},
  date         = {2021-05-11},
  organization = {kienmanowar Blog},
  url          = {https://kienmanowar.wordpress.com/2021/05/11/quick-analysis-note-about-dealply-adware/},
  language     = {English},
  urldate      = {2021-05-19},
}
Quick analysis note about DealPly (Adware)
DealPly
2021-01-13 | VinCSS | Tran Trung Kien, m4n0w4r
@online{kien:20210113:re019:5b00767,
  author       = {Tran Trung Kien and m4n0w4r},
  title        = {{[RE019] From A to X analyzing some real cases which used recent Emotet samples}},
  date         = {2021-01-13},
  organization = {VinCSS},
  url          = {https://blog.vincss.net/2021/01/re019-from-a-to-x-analyzing-some-real-cases-which-used-recent-Emotet-samples.html},
  language     = {English},
  urldate      = {2021-01-25},
}
[RE019] From A to X analyzing some real cases which used recent Emotet samples
Emotet
2020-09-11 | VinCSS | m4n0w4r
@online{m4n0w4r:20200911:re016:5134994,
  author       = {m4n0w4r},
  title        = {{[RE016] Malware Analysis: ModiLoader}},
  date         = {2020-09-11},
  organization = {VinCSS},
  url          = {https://blog.vincss.net/2020/09/re016-malware-analysis-modiloader-eng.html},
  language     = {English},
  urldate      = {2020-09-11},
}
[RE016] Malware Analysis: ModiLoader
DBatLoader
2020-08-16 | kienmanowar Blog | m4n0w4r
@online{m4n0w4r:20200816:manual:7a970b8,
  author       = {m4n0w4r},
  title        = {{Manual Unpacking IcedID Write-up}},
  date         = {2020-08-16},
  organization = {kienmanowar Blog},
  url          = {https://kienmanowar.wordpress.com/2020/08/16/manual-unpacking-icedid-write-up/},
  language     = {English},
  urldate      = {2020-08-20},
}
Manual Unpacking IcedID Write-up
IcedID
2020-06-27 | kienmanowar Blog | m4n0w4r
@online{m4n0w4r:20200627:quick:4b18a32,
  author       = {m4n0w4r},
  title        = {{Quick analysis note about GuLoader (or CloudEyE)}},
  date         = {2020-06-27},
  organization = {kienmanowar Blog},
  url          = {https://kienmanowar.wordpress.com/2020/06/27/quick-analysis-note-about-guloader-or-cloudeye/},
  language     = {English},
  urldate      = {2020-07-13},
}
Quick analysis note about GuLoader (or CloudEyE)
CloudEyE
2020-05-05 | VinCSS | m4n0w4r, Dang Dinh Phuong
@online{m4n0w4r:20200505:guloader:926315b,
  author       = {m4n0w4r and Dang Dinh Phuong},
  title        = {{GuLoader AntiVM Techniques}},
  date         = {2020-05-05},
  organization = {VinCSS},
  url          = {https://blog.vincss.net/2020/05/re014-guloader-antivm-techniques.html},
  language     = {Vietnamese},
  urldate      = {2020-07-13},
}
GuLoader AntiVM Techniques
CloudEyE
2020-03-19 | VinCSS | m4n0w4r
@online{m4n0w4r:20200319:phn:461fca7,
  author       = {m4n0w4r},
  title        = {{Phân tích mã độc lợi dụng dịch Covid-19 để phát tán giả mạo “Chỉ thị của thủ tướng Nguyễn Xuân Phúc” - Phần 2}},
  date         = {2020-03-19},
  organization = {VinCSS},
  url          = {https://blog.vincss.net/2020/03/re012-phan-tich-ma-doc-loi-dung-dich-COVID-19-de-phat-tan-gia-mao-chi-thi-cua-thu-tuong-Nguyen-Xuan-Phuc-phan2.html},
  language     = {Vietnamese},
  urldate      = {2020-03-19},
}
Phân tích mã độc lợi dụng dịch Covid-19 để phát tán giả mạo “Chỉ thị của thủ tướng Nguyễn Xuân Phúc” - Phần 2
PlugX
2020-03-10 | VinCSS | m4n0w4r
@online{m4n0w4r:20200310:re012:43d61e3,
  author       = {m4n0w4r},
  title        = {{[RE012] Phân tích mã độc lợi dụng dịch Covid-19 để phát tán giả mạo “Chỉ thị của thủ tướng Nguyễn Xuân Phúc” - Phần 1}},
  date         = {2020-03-10},
  organization = {VinCSS},
  url          = {https://blog.vincss.net/2020/03/re012-phan-tich-ma-doc-loi-dung-dich-COVID-19-de-phat-tan-gia-mao-chi-thi-cua-thu-tuong-Nguyen-Xuan-Phuc.html},
  language     = {Vietnamese},
  urldate      = {2020-03-11},
}
[RE012] Phân tích mã độc lợi dụng dịch Covid-19 để phát tán giả mạo “Chỉ thị của thủ tướng Nguyễn Xuân Phúc” - Phần 1
Unidentified 075