InQuest Blog

Adults Only Malware Lures

Posted on 2021-11-02 by Dmitry Melikov

We found a wave of phishing documents that contained a very interesting lure. We researched the tactics of this attack in more depth and discovered some unique TTPs including the stage-2 blogspot service is marked as adult content requiring that you must be logged in as an authorized user with an account not less than 1 year old

How Email Works

Posted on 2021-10-27 by Isabelle Quinn

In Part 1 of the Email Security Blog series, we discuss how email works. Read through the process, a description of different mail protocols, and some key terminology. The second part of the series will cover how the InQuest Email Security capability is installed, while the final part will cover the features to include detection or prevention for ransomware, VIP impersonation, phishing, password-protected attachments, invoice fraud, crypto scams, brand impersonation, and other forms of ever-evolving social engineering.

Advanced Qbot Downloader

Posted on 2021-10-19 by Dmitry Melikov

A few days ago, we discovered a wave of phishing emails with an attached document. The fact is that a considerable number of samples had zero detection on the VT service. While several files had no AV detection for some time, we decided to focus on this wave and explore it in more detail.

Rechnung Financial Malspam

Posted on 2021-09-29 by Dmitry Melikov

Protecting an organization from today's cyber threats is not a simple and extensive task. The threat landscape is constantly changing, requiring a flexible approach to defense. The threats, techniques and vulnerabilities that cybercriminals exploit may be unknown to organizations that provide protection to their users. This is a prime example of the exploitation of a critical vulnerability. An exploit that was found in the wild.

CVE-2021-40444

Posted on 2021-09-13 by Nick Chalard and Dmitry Melikov

As we roll into autumn and the season changes, so does the threat landscape. The emergence of new CVE signals another arms race with both sides vying for effectively leveraging the exploit and understanding how to mitigate the effects respectively. As with all Common Vulnerabilities and Exposures, comes questions such as “How does this affect me or my organization?” and “What can I do to mitigate this?” The focus of this blog is to explore these concerns as well as provide further context surrounding CVE-2021-40444 and the initial maldoc delivery

Blog Archive

2023
- May
  - Highlight of an Email Attack Simulation Bypass
  - 100 Days of YARA: Everything You Need to Know
  April
  - Shifting Left in Cybersecurity: Balancing Detection and Prevention - Part 2
  - Shifting Left in Cyber Security - Part 1
  March
  - Credential Caution: Exploring the New Public Cloud File-Borne Phishing Attack
  February
  - You’ve Got Malware: The Rise of Threat Actors Using Microsoft OneNote for Malicious Campaigns
  January
  - ThreatIngestor Release v1.0.2
  - At Least 4 New Reasons Every Day To Check Your Email Security Stack

2022
- December
  - The Importance of Email Hygiene
  - Black Basta: Riding the Crimeware Sleigh
  November
  - Don’t Get Caught Under The MistleTOAD
  October
  - Hiding in the XML
  September
  August
  July
  June
  - GlowSand
  - Follina, the Latest in a Long Chain of Microsoft Office Exploits
  May
  - Tandem Espionage
  - Detection Multiplexing
  April
  March
  - Cloud Atlas Maldoc
  February
  - Dangerously thinBasic
  - +380-GlowSpark
  January
  - 2022-01 AsyncRAT
  - Analysis of a Remcos RAT Dropper

2021
- December
  - Log4Shell
  - (Don't) Bring Dridex Home for the Holidays
  November
  - Graphical Lures In The Age of Cybercrime.
  - Adults Only Malware Lures
  October
  - How Email Works
  - Advanced Qbot Downloader
  September
  - Rechnung Financial Malspam
  - CVE-2021-40444
  August
  - The Trystero Project
  - Kimsuky Espionage Campaign
  July
  - Espionage Utilizing Mobile Devices
  - IcedID: 07.07.21
  June
  May
  - PSChain
  - Dive Into Cobalt Strike
  April
  - An Exploration and Explanation of Randomized Parameter Optimization
  - Unearthing Hancitor Infrastructure
  March
  - InQuest & MalwareBazaar Integration
  - Mail Provider Comparison
  February
  - Cracking Password Protected Payloads
  January
  - Carving Images for Leisure and Gain
  - String Encoding and YARA... Oh My

2020
- December
  - Social Engineering Attacks And E-mail Security
  - Clustering for Classification: Using Unsupervised Learning for Label Expansion
  November
  - The Trystero Project: A Comparison of Mail Providers
  - SOC-Class: Use Case Development
  October
  - Cybersecurity Awareness Month
  - Cerbero Suite: The Hacker’s Multitool
  September
  - InQuest Labs Year in Review
  - IQ-FA009:QBot OOXML
  August
  - Detection in Depth
  - Persian Kitties Hiding Benign Executables
  July
  June
  - Get The Most Out Of Your IoC: The Beginner’s Guide
  May
  April
  - Deep File Inspection for Data Leakage
  March
  - COVID-19 Scare Tactics: Want to buy some masks?
  - Getting Sneakier: Hidden Sheets, Data Connections, and XLM Macros
  February
  - Reverse Engineering on Windows: A Focus on Malware
  - Hiding In Plain Sight
  January
  - Pyramid of Pain Vs. The Iceberg of Inspection
  - Internship Retrospective

2019
- December
  - Threat Hunting On Your Own Network With InQuest
  - Ransomware in Your Stocking
  November
  - Holiday Blog: Tis' the Season
  - Field Notes: Multistage Maldoc Delivers Executable Masked as JPG
  October
  - Base64 Encoded Regular Expressions for Fun and Profit
  - Programmatic Interaction with InQuest Labs via Python
  September
  - Adobe XMP: Tales of an Overlooked Anchor
  - Advanced Support for the SOC Hunter
  August
  July
  - Base64 Encoded Powershell Pivots
  - Emotet, Unmasking via Machine Learning
  June
  - YARA For Everyone: Sharing is Caring
  May
  - Abusing Registration-Free COM Interop
  April
  - Analysis of an Interesting Malicious HTA File
  March
  - Making a Twitter Bot with ThreatIngestor
  - Analyzing Sophisticated PowerShell Targeting Japan
  February
  - Family Matters: Using MinHash to Cluster Data
  - Quick Analysis of A Customer Malspam Encounter
  January
  - Extracting "Sneaky" Excel XLM Macros
  - Detecting Empire with InQuest

2018
- December
  - Ex Machina: A Frolic through the Forests
  - Short-Circuiting Boolean Operators in YARA
  November
  - Ex Machina: Man + Machine
  September
  - Stringless YARA Rules
  July
  - Field Notes: Malicious HFS Instances Serving Gh0stRAT
  May
  April
  March
  - InQuest Provides Zero-Day Coverage Against Advanced Threats via Partner Exodus Intel
  - Defense in Depth: Detonation Technologies
  February
  - An Introduction to Deep File Inspection
  - Adobe Flash MediaPlayer DRM Use-After-Free Vulnerability
  January
  - InQuest Deployed by DISA in the Joint Regional Security Stack (JRSS)

2017
- October

InQuest Blog

Adults Only Malware Lures

How Email Works

Advanced Qbot Downloader

Rechnung Financial Malspam

CVE-2021-40444

Blog Archive

Blog Tags

Subscribe to InQuest Insider

Overview

What is FDR?

Technology

Core Features

Benefits

Differentiation

Solutions

Solutions

File-borne Attack Use Cases

Threat Hunting Use Cases

SOC ROI Use Cases

Products & Services

Products

Services

Pricing

Resources

Company

InQuest Blog

Adults Only Malware Lures

How Email Works

Advanced Qbot Downloader

Rechnung Financial Malspam

CVE-2021-40444

Blog Archive

Blog Tags

Subscribe to InQuest Insider

Subscribe