InQuest Blog

Posted on 2022-05-25 by Dmitry Melikov
Some time ago, we discovered an interesting company distributing malicious documents. Which used the download chain as well as legitimate payload hosting services. In this report, we will show the technical side of this campaign and provide additional indicators.
Posted on 2022-05-10 by Steve Esling
One of our mantras at InQuest is that “there is no silver bullet” and our platform is architected with this in mind. There are some great technologies that we both build on and integrate with and, where there are gaps, we engineer solutions. In a nutshell, we multiplex multiple technologies in tandem. Similarly, our open research portal empowers analysts to draw conclusions about a given sample through multiple lenses.
Posted on 2022-04-18 by Dmitry Melikov
A few days ago, we discovered an interesting sample that we believe is part of the Nobelium campaign, also known as Dark Halo. The document was uploaded to the VirusTotal service from Spain. It contains an attractive visual lure representing a document from the Israeli embassy. We will look at the threat vector and provide some indicators of attack that can help defenders identify or respond.
Posted on 2022-04-07 by Will MacArthur and Nick Chalard
Wading through observed threats to Ukraine leading up and into the Russian ground invasion. An overview of the threat landscape to be continuously updated as the situation on the ground evolves.
Posted on 2022-04-07 by Josiah Smith
To help guide the conversation and thought process, InQuest has developed multiple ROI Calculators that illustrate benefits with regard to time saved, volume processed, and capacity for organizational directors, hiring managers, threat hunters, security operation center (SOC) analysts, and email administrators. We provide sliders across these calculators for tuning variables to match your environment and level of skepticism around vendor claims.

Blog Archive

Subscribe to InQuest Insider

* indicates required

Already subscribed and want to unsubscribe? Please follow this link: Unsubscribe.