InQuest Blog

Posted on 2022-01-24 by Dmitry Melikov
Some time ago, we discovered a large wave of phishing emails with an exciting delivery method. This article will describe this method and show how it works, starting from a malicious document. We will explore the following documents, each with a beautiful visual lure that abuses the names and logos of Chase Bank and Bank of America.
Posted on 2021-12-28 by Dmitry Melikov
On December 9, 2021, a vulnerability (CVE-2021-44228) was published to the global information security community. The Log4j logging utility (versions 2.0 through 2.15.0-rc2) contained a critical remote code execution (RCE) vulnerability, which was dubbed Log4Shell. If a threat actor manages to execute an exploit on a vulnerable machine, they are able to execute arbitrary code and potentially gain full control over the system.
Posted on 2021-12-20 by Nick Chalard
With the holiday season upon us and Log4j-nia still keeping most of us awake at night, we want to revisit an old chum who continues to operate in full swing amidst the chaos. With fresh tactics at their disposal, Dridex continues to target large organizations with somewhat elaborate lures to ensure user interaction and infection. On Monday, December 15th, we noticed an uptick in the amount of verified malware hiding behind password-protected Microsoft Excel spreadsheets, specifically ones containing the dated "macrosheet" functionality.
Posted on 2021-11-23 by Dmitry Melikov
How does fishing work in real life? The fisherman chooses a suitable place for fishing, he chooses the right tools (a fishing rod or nets), and he also needs to choose the right bait. When everything is ready, he can expect a good degree of success. In fact, fishing in cyberspace is not that different from fishing in real life. A threat actor needs to choose the right tools. Depending on the purpose, he can use different tools, such as bankers to steal money or espionage tools to steal data. A threat actor can also use third-party tools such as Cobalt Strike or Metasploit; everything depends on the goals.
Posted on 2021-11-02 by Dmitry Melikov
We found a wave of phishing documents that contained a very interesting lure. We researched the tactics of this attack in more depth and discovered some unique TTPs, including that the stage-2 Blogspot service is marked as adult content, which requires the visitor to be logged in as an authorized user with an account not less than one year old.
