Back in January 2021, security researchers rejoiced as a global sting operation by law enforcement agencies seemingly dismantled the Emotet botnet for good.

But in the past few weeks, InQuest Lab's telemetry has indicated that Emotet is back in operation, prompting fears of subsequent campaigns of malicious activity.

InQuest Labs has some recent samples!

InQuest Email Security Assessment

This month we harvested 754 samples from the wild capable of bypassing either Microsoft or Google. Of those, Microsoft missed 261 (35%), and Google missed 703 (93%). The distribution of misses by file kind is depicted below:

InQuire for a free, personalized email security assessment!

Latest InQuest™ Blog Posts

Graphical Lures In The Age of Cybercrime

Posted on 2021-11-23 by Dmitry Melikov

How does fishing work in real life? The fisherman chooses a suitable place for fishing; he chooses the right tools, a fishing rod or nets, and he also needs to choose the right bait. When everything is ready, he can expect a good degree of success. Fishing in cyberspace is not that different from fishing in real life. A threat actor needs to choose the right tools. Depending on the purpose, they can use different tools, such as bankers to steal money or espionage tools to steal data. A threat actor may also use third-party tools such as Cobalt Strike or Metasploit, at their discretion to suit their needs.

Adults Only Malware Lures

Posted on 2021-11-02 by Dmitry Melikov

We found a wave of phishing documents that contained a very interesting lure. We researched the tactics of this attack in more depth and discovered some unique TTPs, including the stage-2 blogspot service is marked as adult content requiring that you must be logged in as an authorized user with an account not less than one year old.

InQuest™ Labs Research Spotlight

ThreatCheck

Takes a binary as input (either from a file on disk or a URL), splits it until it pinpoints the exact bytes that the target engine will flag on, and prints them to the screen.

Hardentools

Hardentools is designed to disable a number of "features" exposed by operating systems and some widely used applications. These features are generally useless to regular users and are commonly abused by attackers.

Phishious

Phishious is an open-source Secure Email Gateway (SEG) evaluation toolkit designed for red-teamers. Phishious provides the ability to see how various Secure Email Gateway technologies behave when presented with phishing material.

Global Security Events

Apple’s NSO Group Lawsuit Amps Up Pressure on Pegasus Spyware-Maker

Just weeks after a judge ruled that NSO Group did not have immunity in a suit brought by Facebook subsidiary WhatsApp, Apple is adding significant weight to the company’s woes.

Tardigrade: An APT attack on vaccine manufacturing infrastructure

A large bio facility was involved in a cyberattack in Spring 2021. Through the subsequent investigation, a malware loader was identified that demonstrated a high degree of autonomy as well as metamorphic capabilities.

A Canadian Teen Was Arrested in a $36.5M SIM-Swap Heist

In a “kids these days” for the record books, a Canadian teen was arrested this week for allegedly stealing $36.5 million worth of cryptocurrency from a single US victim. That's the largest theft of its kind.

Useful Links

Support

Social

Twitter

GitHub

InQuest™ Insider - Your monthly resource for the latest in cyber security news, trends, tips and tools. Subscribe here.

Unsubscribe here.