Uri Terror attack & Kashmir Protest Themed spear phishing emails targeting Indian Embassies and Indian Ministry of external affairs

In my previous blog I posted details of a cyber attack targeting Indian government organizations. This blog post describes another attack campaign where attackers used the Uri terror attack and Kashmir protest themed spear phishing emails to target officials in the Indian Embassies and Indian Ministry of External Affairs (MEA). In order to infect the […]

Malware Actors Using NIC Cyber Security Themed Spear Phishing to Target Indian Government Organizations

This blog post describes an attack campaign where a NIC (National Informatics Centre) Cyber Security themed spear phishing email was used, possibly to target Indian government organizations. In order to infect the victims, the attackers distributed a spear-phishing email purporting to have been sent from NIC’s incident response team; the attackers spoofed an email id that […]

Cyber Security with Amit Malik – Episode 2 – Macro Code De-obfuscation using Vbscript Debugger

Video: Text: Audience Level: Internet user, Mid-level Analyst Prerequisite: Programming Language Introduction: Obfuscation: https://en.wikipedia.org/wiki/Obfuscation_(software) Infection Method: Malicious documents are mostly delivered through email campaigns. The attacker sends a tailored email to the victim with a malicious attachment or a malicious web link. Once the victim opens the malicious document, it will download the […]

Cyber Security with Amit Malik – Episode 1 – Macro Analysis

Video Link: Text: Audience Level: Beginner, Internet user Prerequisite: Python programming language Introduction: This week I will discuss macro analysis, since macros are one of the top threats today for compromising/infecting endpoint machines. These days macro-based downloaders download ransomware, POS malware and other banking trojans, so the investigation of […]

Detecting Malicious Processes Using Psinfo Volatility Plugin

In the previous post we looked at the HollowFind Volatility plugin and saw how it can detect different process hollowing techniques and display the malicious processes that are victims of process hollowing. In this post let's look at another Volatility plugin called Psinfo. This plugin is similar to the hollowfind plugin, but instead of identifying the […]

Blackout – Memory Analysis of BlackEnergy Big dropper

In late December a cyber attack caused a power outage for a few hours in the Ivano-Frankivsk region in Ukraine, as mentioned here. Threat researchers from ESET linked this attack to a malware called “BlackEnergy” which attacked electricity distribution companies in Ukraine. This blog post contains the memory analysis details of the BlackEnergy big dropper (SHA-1: 896FCACFF6310BBE5335677E99E4C3D370F73D96) mentioned in […]

Limon Sandbox for Analyzing Linux Malwares

A number of devices are running Linux due to its flexibility and open source nature. This has made the Linux platform a target for malware attacks, so it becomes important to analyze Linux malware. Today there is a need to analyze Linux malware in an automated way to understand its capabilities. Limon is a sandbox […]

Setting up Limon Sandbox for Analyzing Linux Malwares

Limon is a sandbox developed as a research project, written in Python, which automatically collects, analyzes, and reports on the run-time indicators of Linux malware. It allows one to inspect Linux malware before execution, during execution, and after execution (post-mortem analysis) by performing static, dynamic and memory analysis using open source tools. Limon […]