Introduction: This year, in July, a new “MalDoc in PDF” attack which could evade detection and analysis was shared by JPCERT. This malware was polyglot, meaning a file that combine two or more file formats in a way that it could be executed as more than one file type by different…

Introduction: Earlier this year, in May, Rhysida, a new ransomware strain has surfaced. This ransomware operates on RaaS model. This ransomware is still at its early stage and its current version is called Rhysida 0.1. Although the ransomware is at its infancy, it has been linked to series of high-profile attacks…

This blog will be covering code level analysis of Black Basta 1.0 ransomware to unravel all the possible capabilities of this ransomware. And based on the analysis, the TTP of this ransomware will be broken down by referencing MITRE ATT&CK and YARA rules will be created for its detection. Why…

Background: In the recent month, there is misinformation circulating concerning leaks of private video of Nepali female celebrities. Following the Twitter thread from milann shrestha: I found that the misinformation of private videos of Nepali celebrities being leaked were shared and advertised via some impersonated Facebook pages of major news…

In the recent event of time, there has been increase in scam and malware incidents in Nepal. As a security analyst with prime interest in malware, I carried out my research. During my investigation, I came across a Facebook page, named Stock Trading Nepal. This page appeared to be offering…

We all use browser extension to add features and increase the functionality of website. But, there are a lot of malicious browser extension in the wild, which many people seems to ignore and install browser extension without much thinking from security perspective. In this blog, I will explain how a…