Skip to main content

InQuest Blog

Posted on 2021-06-16 by Dmitry Melikov
A few days ago, we found an interesting document in the wild that aims to download spyware applications. The sample in question shows low detection rates across multiple antivirus engines, which rouses our suspicion. The email containing the attachment document was allegedly sent from a logistics campaign.
Posted on 2021-05-26 by Dmitry Melikov
We have found an exciting document that hides a whole chain of PS scripts. Unfortunately, the original document has used a coercive lure to make the victim enable macros that drop malicious artifacts. This specific document's lure is written in French "BIENVENUE DANS WORD Microsoft Word a ete mise a jour avec succes"
Posted on 2021-05-11 by InQuest Labs Community User
A few days ago, someone uploaded an interesting OLE file to VirusTotal. It abuses the Kaspersky brand, and it is written in Russian and English language. Unfortunately, the original document uses a coercive lure, and the macros contain logic to download weaponized artifacts.
Posted on 2021-04-29 by Steve Esling
Making a good machine learning model involves more than just good data and well-selected features. Each model also has its own set of hyperparameters, variables which are set before training begins to influence how a given model learns. In this article, we go over grid search, a technique used to select the best hyperparameters for a model quickly and efficiently!
Posted on 2021-04-16 by Dmitry Melikov
It's no secret that today, targeted attacks and phishing attacks are the primary means of spreading malware. The purpose of which is to collect user data, theft banking data, and espionage. Threat Actors are constantly working to improve the tools they use. In this article, I will try to show you how the Hanictor group is improving their toolbox.

Blog Archive