Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-09-06kienmanowar Blogm4n0w4r
@online{m4n0w4r:20210906:quick:0a892b2, author = {m4n0w4r}, title = {{Quick analysis CobaltStrike loader and shellcode}}, date = {2021-09-06}, organization = {kienmanowar Blog}, url = {https://kienmanowar.wordpress.com/2021/09/06/quick-analysis-cobaltstrike-loader-and-shellcode/}, language = {English}, urldate = {2021-09-10} } Quick analysis CobaltStrike loader and shellcode
Cobalt Strike
2021-08-04kienmanowar Blogm4n0w4r, Tran Trung Kien
@online{m4n0w4r:20210804:quicknote:791df11, author = {m4n0w4r and Tran Trung Kien}, title = {{[QuickNote] MountLocker – Some pseudo-code snippets}}, date = {2021-08-04}, organization = {kienmanowar Blog}, url = {https://kienmanowar.wordpress.com/2021/08/04/quicknote-mountlocker-some-pseudo-code-snippets/}, language = {English}, urldate = {2021-09-09} } [QuickNote] MountLocker – Some pseudo-code snippets
Mount Locker
2021-05-24VinCSSm4n0w4r, Trương Quốc Ngân
@online{m4n0w4r:20210524:re022:97829ca, author = {m4n0w4r and Trương Quốc Ngân}, title = {{[RE022] Part 1: Quick analysis of malicious sample forging the official dispatch of the Central Inspection Committee}}, date = {2021-05-24}, organization = {VinCSS}, url = {https://blog.vincss.net/2021/05/re022-part1-quick-analysis-of-malicious-sample-forging-the-official-dispach-of-the-Central-Inspection-Committee.html}, language = {English}, urldate = {2021-06-04} } [RE022] Part 1: Quick analysis of malicious sample forging the official dispatch of the Central Inspection Committee
2021-05-11kienmanowar Blogm4n0w4r
@online{m4n0w4r:20210511:quick:34539c5, author = {m4n0w4r}, title = {{Quick analysis note about DealPly (Adware)}}, date = {2021-05-11}, organization = {kienmanowar Blog}, url = {https://kienmanowar.wordpress.com/2021/05/11/quick-analysis-note-about-dealply-adware/}, language = {English}, urldate = {2021-05-19} } Quick analysis note about DealPly (Adware)
DealPly
2021-01-13VinCSSTran Trung Kien, m4n0w4r
@online{kien:20210113:re019:5b00767, author = {Tran Trung Kien and m4n0w4r}, title = {{[RE019] From A to X analyzing some real cases which used recent Emotet samples}}, date = {2021-01-13}, organization = {VinCSS}, url = {https://blog.vincss.net/2021/01/re019-from-a-to-x-analyzing-some-real-cases-which-used-recent-Emotet-samples.html}, language = {English}, urldate = {2021-01-25} } [RE019] From A to X analyzing some real cases which used recent Emotet samples
Emotet
2020-09-11VinCSSm4n0w4r
@online{m4n0w4r:20200911:re016:5134994, author = {m4n0w4r}, title = {{[RE016] Malware Analysis: ModiLoader}}, date = {2020-09-11}, organization = {VinCSS}, url = {https://blog.vincss.net/2020/09/re016-malware-analysis-modiloader-eng.html}, language = {English}, urldate = {2020-09-11} } [RE016] Malware Analysis: ModiLoader
DBatLoader
2020-08-16kienmanowar Blogm4n0w4r
@online{m4n0w4r:20200816:manual:7a970b8, author = {m4n0w4r}, title = {{Manual Unpacking IcedID Write-up}}, date = {2020-08-16}, organization = {kienmanowar Blog}, url = {https://kienmanowar.wordpress.com/2020/08/16/manual-unpacking-icedid-write-up/}, language = {English}, urldate = {2020-08-20} } Manual Unpacking IcedID Write-up
IcedID
2020-06-27kienmanowar Blogm4n0w4r
@online{m4n0w4r:20200627:quick:4b18a32, author = {m4n0w4r}, title = {{Quick analysis note about GuLoader (or CloudEyE)}}, date = {2020-06-27}, organization = {kienmanowar Blog}, url = {https://kienmanowar.wordpress.com/2020/06/27/quick-analysis-note-about-guloader-or-cloudeye/}, language = {English}, urldate = {2020-07-13} } Quick analysis note about GuLoader (or CloudEyE)
CloudEyE
2020-05-05VinCSSm4n0w4r, Dang Dinh Phuong
@online{m4n0w4r:20200505:guloader:926315b, author = {m4n0w4r and Dang Dinh Phuong}, title = {{GuLoader AntiVM Techniques}}, date = {2020-05-05}, organization = {VinCSS}, url = {https://blog.vincss.net/2020/05/re014-guloader-antivm-techniques.html}, language = {Vietnamese}, urldate = {2020-07-13} } GuLoader AntiVM Techniques
CloudEyE
2020-03-19VinCSSm4n0w4r
@online{m4n0w4r:20200319:phn:461fca7, author = {m4n0w4r}, title = {{Phân tích mã độc lợi dụng dịch Covid-19 để phát tán giả mạo “Chỉ thị của thủ tướng Nguyễn Xuân Phúc” - Phần 2}}, date = {2020-03-19}, organization = {VinCSS}, url = {https://blog.vincss.net/2020/03/re012-phan-tich-ma-doc-loi-dung-dich-COVID-19-de-phat-tan-gia-mao-chi-thi-cua-thu-tuong-Nguyen-Xuan-Phuc-phan2.html}, language = {Vietnamese}, urldate = {2020-03-19} } Phân tích mã độc lợi dụng dịch Covid-19 để phát tán giả mạo “Chỉ thị của thủ tướng Nguyễn Xuân Phúc” - Phần 2
PlugX
2020-03-10VinCSSm4n0w4r
@online{m4n0w4r:20200310:re012:43d61e3, author = {m4n0w4r}, title = {{[RE012] Phân tích mã độc lợi dụng dịch Covid-19 để phát tán giả mạo “Chỉ thị của thủ tướng Nguyễn Xuân Phúc” - Phần 1}}, date = {2020-03-10}, organization = {VinCSS}, url = {https://blog.vincss.net/2020/03/re012-phan-tich-ma-doc-loi-dung-dich-COVID-19-de-phat-tan-gia-mao-chi-thi-cua-thu-tuong-Nguyen-Xuan-Phuc.html}, language = {Vietnamese}, urldate = {2020-03-11} } [RE012] Phân tích mã độc lợi dụng dịch Covid-19 để phát tán giả mạo “Chỉ thị của thủ tướng Nguyễn Xuân Phúc” - Phần 1
Unidentified 075
2019-12-19VinCSSm4n0w4r
@online{m4n0w4r:20191219:re009:fc59940, author = {m4n0w4r}, title = {{[RE009] Phân tích mã độc “KẾ HOẠCH, NHIỆM VỤ TRỌNG TÂM NĂM 2020.doc” đính kèm email phishing}}, date = {2019-12-19}, organization = {VinCSS}, url = {https://blog.vincss.net/2019/12/re009-phan-tich-ma-doc-ke-hoach-nhiem-vu-trong-tam-2020.html}, language = {Vietnamese}, urldate = {2020-03-11} } [RE009] Phân tích mã độc “KẾ HOẠCH, NHIỆM VỤ TRỌNG TÂM NĂM 2020.doc” đính kèm email phishing
Unidentified 074 (Downloader)
2019-10-08m4n0w4r
@online{m4n0w4r:20191008:mt:a14c60d, author = {m4n0w4r}, title = {{Một sample nhắm vào Bank ở VN}}, date = {2019-10-08}, url = {https://tradahacking.vn/%C4%91%E1%BB%A3t-r%E1%BB%93i-t%C3%B4i-c%C3%B3-%C4%91%C4%83ng-m%E1%BB%99t-status-xin-d%E1%BA%A1o-tr%C3%AAn-fb-may-qu%C3%A1-c%C5%A9ng-c%C3%B3-v%C3%A0i-b%E1%BA%A1n-nhi%E1%BB%87t-t%C3%ACnh-g%E1%BB%ADi-cho-537b19ee3468}, language = {Vietnamese}, urldate = {2020-03-11} } Một sample nhắm vào Bank ở VN
OceanLotus
2019-06-27m4n0w4r
@online{m4n0w4r:20190627:tc:90087b2, author = {m4n0w4r}, title = {{Tốc kí một sample sử dụng CVE_2018_20250 (Target VN)}}, date = {2019-06-27}, url = {https://tradahacking.vn/t%E1%BB%91c-k%C3%AD-m%E1%BB%99t-sample-s%E1%BB%AD-d%E1%BB%A5ng-cve-2018-20250-target-vn-3ba306bf3d83}, language = {Vietnamese}, urldate = {2020-03-11} } Tốc kí một sample sử dụng CVE_2018_20250 (Target VN)
2019-05-31TradaHackingm4n0w4r
@online{m4n0w4r:20190531:thng:c687d46, author = {m4n0w4r}, title = {{Thưởng tết….}}, date = {2019-05-31}, organization = {TradaHacking}, url = {https://tradahacking.vn/th%C6%B0%E1%BB%9Fng-t%E1%BA%BFt-fbcbbed49da7}, language = {Vietnamese}, urldate = {2020-01-10} } Thưởng tết….
KerrDown
2019-01-03m4n0w4r
@online{m4n0w4r:20190103:another:2f48120, author = {m4n0w4r}, title = {{Another malicious document with CVE-2017–11882}}, date = {2019-01-03}, url = {https://tradahacking.vn/another-malicious-document-with-cve-2017-11882-839e9c0bbf2f}, language = {Vietnamese}, urldate = {2020-03-11} } Another malicious document with CVE-2017–11882
8.t Dropper
2018-11-03m4n0w4r
@online{m4n0w4r:20181103:l:d496fbd, author = {m4n0w4r}, title = {{Là 1937CN hay OceanLotus hay Lazarus …}}, date = {2018-11-03}, url = {https://tradahacking.vn/l%C3%A0-1937cn-hay-oceanlotus-hay-lazarus-6ca15fe1b241}, language = {Vietnamese}, urldate = {2020-03-11} } Là 1937CN hay OceanLotus hay Lazarus …
8.t Dropper