InQuest Blog

Posted on 2022-11-28 by Chase Sims
InQuest Labs has observed an uptick in TOAD (Telephone-oriented attack delivery) threat actors targeting personal and business email addresses, presumably in line with the coming holiday shopping season. Based on our research efforts, we have observed that they employ multiple team members to execute this attack. The threat actors themselves refer to these components as “customer support” and “the security team”
Posted on 2022-10-03 by David Ledbetter
In this post, I want to cover an item called "CustomXMLParts". Trying to look up this term you can find variations on what it is. In short, it is an XML container to store arbitrary data to be used in the document. The intention for it appears to give the developer a way to change the formatting of the Office document that is not already available or add additional functionality.
Posted on 2022-09-21 by David Ledbetter
In this series of five files, we have seen the evolution of this loader implementing new forms of obfuscation in the VBA as well as the shellcode as they steadily progress. We see that it uses Excel as well as Word documents. Since the files are ‘Zipped” then there is not an easy way to build detections against the compressed file. You can’t use size for sections because of different compression ratios.
Posted on 2022-09-16 by Pedram Amini
You can’t throw a rock these days without hitting a security threat intelligence feed. There is a veritable cornucopia of feeds provided by security solution vendors, vendors who focus solely on security research and, of course, public / open source agencies. Here at InQuest, we harvest hundreds of internal/proprietary, public, and private 3rd party threat intel sources for insight into today's attack types including sophisticated malware, ransomware, phishing lures, scams, fraud and other forms of malicious content.
Posted on 2022-09-14 by Pedram Amini
For years we’ve known the game of truly stopping cyber attackers should be to collect every possible piece of data, organize it in a manner that man/machine can assimilate it, analyze it, separate signal from noise, and take corrective action without disrupting business continuity - all before calamity strikes. Let’s assume for a moment that we have this Utopian defense.

Blog Archive

Subscribe to InQuest Insider


* indicates required