Skip to main content

InQuest Blog

Posted on 2020-06-30 by Nick Chalard
So you want to add a little spice to your indicators of compromise. After all, an IoC without context or attribution is very much like when you learn what hot is. There are many tools available for us to determine how “hot” an IoC is without burning ourselves. We will be focusing mainly on what we can access publicly and use for free.
Posted on 2020-05-12 by Josiah Smith
Beyond the capability of identifying, extracting, and exposing malicious content from hundreds of file types. InQuest Deep File Inspection (DFI) utilizes machine vision and optical character recognition (OCR) to identify the social engineering component of a variety of malware lures. This is one of the myriads of techniques that we employ to detect novel malware that may leverage previous unseen pivots.
Posted on 2020-05-06 by William MacArthur, Amirreza Niakanlahiji, and Pedram Amini.
In this blog, we dissect a novel and stealthy Excel Macrosheet fueled malware campaign that currently bypasses most protection stacks to deliver ZLoader to its victims. We trace the earliest appearance to Monday, May 4th (Star Wars Day), and continue to actively track this evolving campaign.
Posted on 2020-04-21 by Josiah Smith
Whether it’s intellectual property, proprietary code, personal data, or financial information, the goal of information security is to protect those assets. However, data-breaches have become common-place and resulted in an average cost of $3.92 M in 2019 per Digital Guardian.
Posted on 2020-03-20 by William MacArthur
In this quick, end of the week post, we wanted to touch on the ubiquitous COVID-19 (aka Corona Virus). Sharing an interesting lure, related malware, and some IOCs for colleagues to dig into while society on a whole is relegated to solitude in our homes. Our posting here is in no way comprehensive. There is a myriad of malware campaigns, disinformation operations, and general scamming revolving around the very concerning topic. Our goal is to further awareness and share some knowledge in the process.

Blog Archive