DanielAvinoam / BlackEnergyV2-Driver-Reverse-Engineering

Driver reverse engineering of the Russian Sandworm hacking group's BlackEnergy malware.


BlackEnergy V2 - Full Driver Reverse Engineering

Full analysis of the main driver used in the second variant of Sandworm's BlackEnergy malware. The malware was launched against the country of Georgia during the Russo-Georgian conflict.

This repo contains every script written during the analysis, the examined driver itself, and the memory image.

You are welcome to read the analysis in English or in Hebrew.



Languages

- C 58.8%
- Python 30.9%
- C++ 10.3%