InQuest Blog

Posted on 2021-05-26 by Dmitry Melikov
We have found an exciting document that hides a whole chain of PS scripts. Unfortunately, the original document has used a coercive lure to make the victim enable macros that drop malicious artifacts. This specific document's lure is written in French "BIENVENUE DANS WORD Microsoft Word a ete mise a jour avec succes"
Posted on 2021-05-11 by InQuest Labs Community User
A few days ago, someone uploaded an interesting OLE file to VirusTotal. It abuses the Kaspersky brand, and it is written in Russian and English language. Unfortunately, the original document uses a coercive lure, and the macros contain logic to download weaponized artifacts.
Posted on 2021-04-29 by Steve Esling
Making a good machine learning model involves more than just good data and well-selected features. Each model also has its own set of hyperparameters, variables which are set before training begins to influence how a given model learns. In this article, we go over grid search, a technique used to select the best hyperparameters for a model quickly and efficiently!
Posted on 2021-04-16 by Dmitry Melikov
It's no secret that today, targeted attacks and phishing attacks are the primary means of spreading malware. The purpose of which is to collect user data, theft banking data, and espionage. Threat Actors are constantly working to improve the tools they use. In this article, I will try to show you how the Hanictor group is improving their toolbox.
Posted on 2021-03-31 by William MacArthur
What we all need now and again is some exciting news, and since we have some, we wanted to make an article to share it! Earlier this month, our friends at Abuse.ch officially announced in a tweet that their MalwareBazaar project has integrated with InQuest’s Deep File Inspection (DFI) analysis stack.

Blog Archive