diff --git a/malware-analysis_ref_and_memo.md b/malware-analysis_ref_and_memo.md
index 4031893..f677cfe 100644
--- a/malware-analysis_ref_and_memo.md
+++ b/malware-analysis_ref_and_memo.md
@@ -223,6 +223,8 @@ DFIR,マルウェア解析，OSINTに特化したUbuntuベースのディスト
 ### .NET analysis
 - **[dnspy](https://github.com/0xd4d/dnSpy)<br>**
 .NETデコンパイラ,C#やVBで作成された実行ファイルを高精度でデコンパイルする
+	- ref:
+		- [The Use – and Abuse – of DotNet Files, and the Value of FortiResponder Automation in the Threat Analysis Process](fortinet.com/blog/threat-research/the-use-and-abuse-of-dotnet-files-and-the-value-of-fortresponder-automation-in-threat-analysis.html)
 
 ### Utilities
 - **[PeBear](https://github.com/hasherezade/pe-bear-releases)**