InQuest Blog

Posted on 2022-04-07 by Will MacArthur and Nick Chalard
Wading through observed threats to Ukraine leading up to and into the Russian ground invasion. An overview of the threat landscape to be continuously updated as the situation on the ground evolves.
Posted on 2022-04-07 by Josiah Smith
To help guide the conversation and thought process, InQuest has developed multiple ROI Calculators that illustrate benefits with regard to time saved, volume processed, and capacity for organizational directors, hiring managers, threat hunters, security operation center (SOC) analysts, and email administrators. We provide sliders across these calculators for tuning variables to match your environment and level of skepticism around vendor claims.
Posted on 2022-03-30 by Dmitry Melikov
We uncovered a very interesting document that was observed impersonating the United States Securities and Exchange Commission. It is our assumption with a high degree of probability that an attacker called Cloud Atlas is responsible for this malicious campaign. Initially, this sample collects information about the system it is running on, which is then exfiltrated to the remote server.
Posted on 2022-02-24 by Dmitry Melikov
Some time ago, we discovered a novel payload delivery method in malicious documents. The focus of this article is to explore this technique via samples of the document. The threat sequencing follows the chain of a malicious spreadsheet that downloads an archive containing thinBasic binaries and a malicious thinBasic script.
Posted on 2022-02-10 by Josiah Smith
Over recent months, media coverage of tensions in Eastern Europe and Ukraine has been in steady circulation. As a result, cyberattacks on government networks and networked resources have seen an uptick. A notable case involves systems of organizations targeted with files subject to destruction by the so-called #WhisperGate malicious program.
