InQuest Blog

Posted on 2022-08-17 by Michael Arcamone
We are excited to announce File Detection and Response (FDR) as the new moniker for InQuest solutions. I’d like to give you a little background on how this came about. As most of our readers know, InQuest is all about Deep File Inspection™ (DFI) and RetroHunting™; these two core technologies are what set InQuest solutions apart from other file analysis solutions on the marketplace.
Posted on 2022-07-27 by Isabelle Quinn
A few days ago we discovered a very interesting sample that was uploaded from Iran. The document is a contract for the supply of services to an energy company from southern Iran, «Tavangoostar Niro va Gashtavar Jonob». The document also contains a link to this energy company: www.tavangyl.com

Since this family of malicious documents containing executable files was not previously known, we named it the Green Stone.
Posted on 2022-07-25 by David Ledbetter
Follow David Ledbetter through the analysis of a heavily obfuscated maldoc. The analysis shows how to decode unescaped scripts and byte arrays to deliver a weaponized payload.
Posted on 2022-07-04 by David Ledbetter
The purpose of InQuest Labs is to enable independent security researchers with a convenient mixture of files and threat intelligence. Users can register for free and interface via the UI/UX, an open API, or via a Python library / command-line interface. The InQuest team leverages this API to implement a variety of automations designed to surface novel threats; we call these "Special Operations", or SpecOps for short. One of these SpecOps actively follows links discovered in malicious documents. If the target of the link is a malicious file, that link has not been widely reported, and the file has not been previously seen... then a Tweet is automatically posted. Recently, there have been a number of Tweets that reveal a common pattern; this blog post is a deep dive into these samples.
Posted on 2022-06-27 by Isabelle Quinn
Tools used by threat actors aimed at Ukraine and neighboring countries are constantly changing. Since in many cases the context of successful attacks is the use of documents in email attachments, we will consider some of the novelties of attackers that target Ukrainian government organizations. When these tools shattered like grains of sand, we named it GlowSand.
