Earlier this year, our friends at Abuse.ch officially announced in a tweet that their MalwareBazaar project was integrated with InQuest’s Deep File Inspection (DFI) analysis stack.

Some of you may have seen our analysis on MalwareBazaar already, and may even have noticed a link back to our own analysis platform. Looking at one of the latest files on MalwareBazaar, we found an excellent example that illustrates the significance of this integration. Here is a recent sample for those not yet familiar with either platform.

Take a look at some of the MalwareBazaar Samples on InQuest Labs!

InQuest Mail Provider Comparison
Monthly Email Stats (Sent / Blocked)

GSuite: 35,222 / 33,278 (94.4%)
O365 ATP: 35,222 / 33,552 (95.3%)
O365 ATP + Phishing: 35,222 / 33,548 (95.2%)

Latest InQuest™ Blog Posts

Unearthing Hancitor Infrastructure

Posted on 2021-04-16 by Dmitry Melikov

It's no secret that today, targeted attacks and phishing attacks are the primary means of spreading malware, the purpose of which is to collect user data, steal banking data, and conduct espionage. Threat actors are constantly working to improve the tools they use. In this article, I will try to show you how the Hancitor group is improving their toolbox.

Read more

An Exploration and Explanation of Randomized Parameter Optimization

Posted on 2021-04-29 by Steve Esling

Making a good machine learning model involves more than just good data and well-selected features. Each model also has its own set of hyperparameters, variables which are set before training begins to influence how a given model learns. In this article, we go over grid search, a technique used to select the best hyperparameters for a model quickly and efficiently!

Read more

InQuest™ Labs Research Spotlight

CHEPY

Chepy is a Python library with a handy CLI that aims to mirror some of the capabilities of CyberChef. A reasonable amount of effort was put into making Chepy compatible with the various functionalities that CyberChef offers, all in a pure Pythonic manner.

Read more

HardeningKitty

HardeningKitty supports hardening of a Windows system. The configuration of the system is retrieved and assessed using a finding list. In addition, the system can be hardened according to predefined values. HardeningKitty reads settings from the registry and uses other modules to read configurations outside the registry.

Read more

TryHackMe: YARA

This room expects basic Linux familiarity, such as installing software and using commands for general navigation of the system. Moreover, this room isn't designed to test your knowledge or for point-scoring. It is here to encourage you to follow along and to experiment with what you have learned.

Read more

Global Security Events

New Nebulae Backdoor Linked with the NAIKON Group

NAIKON is a threat actor that has been active for more than a decade. Likely tied to China, the group focuses on high-profile targets such as government agencies and military organizations in the South Asia region.

Read more

FBI shares 4 million email addresses used by Emotet with Have I Been Pwned

Millions of email addresses collected by Emotet botnet for malware distribution campaigns have been shared by the Federal Bureau of Investigation (FBI) as part of the agency’s effort to clean infected computers.

Read more

ISC urges updates of DNS servers to wipe out new BIND vulnerabilities

Popular Indian mobile payments service MobiKwik on Monday came under fire after 8.2 terabytes (TB) of data belonging to millions of its users began circulating on the dark web in the aftermath of a major data breach that came to light earlier this month.

Read more

InQuest™ Insider - Your monthly resource for the latest in cyber security news, trends, tips and tools. Subscribe here.
Copyright © InQuest™ 2021