<!doctype html>

InQuest is excited to live on the bleeding edge of malware discovery and be the first to detect attacks targeting the CVE-2021-40444 0-day vulnerability.

This critical Microsoft MSHTML vulnerability will undoubtedly become a prized, click-free malware delivery mechanism. Threat actors have already leveraged the exploitation technique to drop various malware payloads, including Formbook and CobaltStrike. Read more within this Blog that details some of our initial observations.


Contact Us to learn more about InQuest's Deep File Inspection!

InQuest Mail Provider Comparison
This month we tested 22,843 malicious file samples against Google and Microsoft's email defenses, and here's what made it through:

1,029 (4.7%) Missed


4,769(26.3%) Missed

O365 ATP + Phishing
InQuire for a free, personalized email security assessment!
Latest InQuest™ Blog Posts


Posted on 2021-09-13 by Nick Chalard and Dmitry Melikov

As we roll into autumn and the season changes, so does the threat landscape. The emergence of new CVE signals another arms race with both sides vying for effectively leveraging the exploit and understanding how to mitigate the effects respectively. As with all Common Vulnerabilities and Exposures, comes questions such as “How does this affect me or my organization?” and “What can I do to mitigate this?” The focus of this blog is to explore these concerns as well as provide further context surrounding CVE-2021-40444 and the initial maldoc delivery.

Read more

Rechnung Financial Malspam

Posted on 2021-09-29 by Dmitry Melikov

Protecting an organization from today's cyber threats is not a simple and extensive task. The threat landscape is constantly changing, requiring a flexible approach to defense. The threats, techniques and vulnerabilities that cybercriminals exploit may be unknown to organizations that provide protection to their users. This is a prime example of the exploitation of a critical vulnerability. An exploit that was found in the wild.

Read more
InQuest™ Labs Research Spotlight


Use mlget to query multiple sources for a given malware hash and download it. The thought is to save time querying each source individually.

Read more


Yobi is a basic firefox extension which allows to run public or private YARA rules on all scripts and pages rendered by the browser. Yobi saves files that trigger its rules and allows further inspection of them.

Read more


Programmatically collect normalized news from (almost) any website. Filter by topic, country, or language.

Read more
Global Security Events

Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability

In August, Microsoft Threat Intelligence Center identified a small number of attacks that attempted to exploit a remote code execution vulnerability in MSHTML using specially crafted Microsoft Office documents. These attacks used the vulnerability, tracked as CVE-2021-40444, as part of an initial access campaign that distributed custom Cobalt Strike Beacon loaders.

Read more

Russia arrests top cybersecurity executive in treason case

Russian authorities have arrested the chief executive of a leading Russian cybersecurity company on suspicion of state treason, a court said on Wednesday, sending a chill through Russia's IT and business sectors. Ilya Sachkov, 35, who founded Group IB, one of Russia's most prominent cyber security firms, was arrested on Tuesday, the RTVI TV channel reported as law enforcement officers carried out searches at the Moscow offices of the firm.

Read more

He Escaped the Dark Web's Biggest Bust. Now He's Back

JUST OVER FOUR years ago, the US Department of Justice announced the takedown of AlphaBay, the biggest dark web market bust in history. Thai police arrested the site's 26-year-old administrator, Alexandre Cazes, in Bangkok, and the FBI seized AlphaBay's central server in Lithuania, wiping out a marketplace that was selling hundreds of millions of dollars a year worth of hard drugs, hacked data, and other contraband to its 400,000-plus registered users.

Read more
InQuest™ Insider - Your monthly resource for the latest in cyber security news, trends, tips and tools. Subscribe here.
Copyright © InQuest™ 2021