
InQuest is excited to announce the upcoming integration with the ThreatConnect Threat Intelligence Platform.

This integration allows the ingestion of InQuest Indicators of Compromise (IOCs) into the ThreatConnect Platform. The IOCs are sourced from a variety of aggregate and proprietary sources, including the InQuest Reputation database, the InQuest ingested IOC database, InQuest Deep File Inspection (DFI) IOCs, and InQuest Labs Command and Control (C2) infrastructure research. IOCs from DFI and InQuest Labs require a premium subscription, while the others are provided free of cost.

Contact Us to learn more!

InQuest Mail Provider Comparison

Monthly Email Stats Sent vs. Blocked

GSuite: 10,493 (33.7%) Missed
O365 ATP: 1,584 (5.1%) Missed
O365 ATP + Phishing: 1,559 (5.0%) Missed

Latest InQuest™ Blog Posts

Dive Into Cobalt Strike

Posted on 2021-05-11 by InQuest Labs Community User

A few days ago, someone uploaded an interesting OLE file to VirusTotal. It abuses the Kaspersky brand, and it is written in Russian and English. Unfortunately, the original document uses a coercive lure, and the macros contain logic to download weaponized artifacts.


PSChain

Posted on 2021-05-26 by Dmitry Melikov

We have found an exciting document that hides a whole chain of PS scripts. Unfortunately, the original document has used a coercive lure to make the victim enable macros that drop malicious artifacts. This specific document's lure is written in French: "BIENVENUE DANS WORD Microsoft Word a ete mise a jour avec succes".

InQuest™ Labs Research Spotlight

StormKitty

Stealer + Clipper + Keylogger

Stealer written in C#; logs are sent to a Telegram bot.

AndroRAT

AndroRAT is a tool designed for remote access and data retrieval on Android systems.


Labeled-Elfs

A collection of well-labeled ELF binaries compiled from benign and malicious code in various ways. Great for exploring similarity in executables and training various ML models.

Global Security Events

The Full Story of the Stunning RSA Hack Can Finally Be Told

In 2011, Chinese spies stole the crown jewels of cybersecurity—stripping protections from firms and government agencies worldwide. Here’s how it happened.


New sophisticated email-based attack from NOBELIUM

Microsoft Threat Intelligence Center (MSTIC) has uncovered a wide-scale malicious email campaign operated by NOBELIUM, the threat actor behind the attacks against SolarWinds, the SUNBURST backdoor, TEARDROP malware, GoldMax malware, and other related components.


Colonial hack exposed government’s light-touch oversight of pipeline cybersecurity

Three times over the last year, Colonial Pipeline and the Transportation Security Administration discussed scheduling a voluntary, in-depth cybersecurity review — an assessment the federal agency began doing in late 2018 to strengthen the digital defenses of oil and natural gas pipeline companies.

InQuest™ Insider - Your monthly resource for the latest in cyber security news, trends, tips and tools. Subscribe here.
Copyright © InQuest™ 2021