When it comes to cyber investigations, time management is critical. InQuest is excited to announce the integration of InQuest Labs Threat Intelligence into Recorded Future's Intel Cards. This consolidation dramatically increases the speed and efficiency of threat research and analysis.

Recorded Future Intel Cards provide actionable threat intelligence data neatly curated by investigation topic and presented in a comprehensive single view, saving analysts time otherwise spent connecting the dots themselves. The six Intel Card types are IP Address, Domain, Hash, Vulnerability, Malware, and Threat Actor.

Take a look at the Intel Cards and see the system that helps drive them InQuest Labs

InQuest Email Security Assessment

This month we harvested 918 samples from the wild capable of bypassing either Microsoft or Google. Of those, Microsoft missed 415 (45%), and Google missed 672 (79%). The distribution of misses by file type is depicted below:

InQuire for a free, personalized email security assessment!

Latest InQuest™ Blog Posts

A Convoluted Infection Chain Using Excel

Posted on 2022-07-25 by David Ledbetter

Follow through the analysis of a heavily obfuscated maldoc. The analysis shows how to decode unescaped scripts and byte arrays to deliver a weaponized payload.

Green Stone

Posted on 2022-07-27 by Isabelle Quinn

A few days ago we discovered a very interesting sample that was uploaded from Iran. The document is a contract for the supply of services to an energy company from southern Iran. The document also contains a link to this energy company. www.tavangyl.com Since this family of malicious documents containing executable files was not previously known, we named it the Green Stone.

InQuest™ Labs Research Spotlight

Alan Framework

Alan Framework is a post-exploitation framework useful during red-team activities.

QuickBuck - Ransomware Simulator

The goal of this repository is to provide a simple, harmless way to check your AV's protection on ransomware.

ImHex

A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

Global Security Events

Blackhat USA Partner Reception

Join the Hunt on August, 11th from 5 to 8 at the 1923 Prohibition Bar directly off of Mandalay Bay's casino floor. No projectors, presos, or pitches. Just an informal gathering with industry veterans.

Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits

Microsoft found a private-sector offensive actor (PSOA) using multiple Windows and Adobe 0-day exploits, including one for the recently patched CVE-2022-22047, in limited and targeted attacks against European and Central American customers.

How Threat Actors Are Adapting to a Post-Macro World

In response to Microsoft’s announcements that it would block macros by default in Microsoft Office applications, threat actors began using container files such as ISO and RAR, and Windows Shortcut (LNK) files in campaigns to distribute malware.

Useful Links

Support

Social

Twitter

GitHub

InQuest™ Insider - Your monthly resource for the latest in cyber security news, trends, tips and tools. Subscribe here.

Unsubscribe here.