
We are excited to announce File Detection and Response (FDR) as the new moniker for InQuest solutions. I’d like to give you a little background on how this came about. As most of our readers know, InQuest is all about Deep File Inspection™ (DFI) and RetroHunting™; these two core technologies are what set InQuest solutions apart from other file analysis solutions on the market. But there is a broader story at play here: what we call the ‘end-user security gap’.

The evidence is compelling. You need not read any further than the 2022 Verizon DBIR to realize that the vast majority of malware, ransomware, exploitation, phishing, scam, and fraud issues can be traced back to a user opening a file that, unbeknownst to them, delivers a cleverly disguised malicious payload.

Get Michael Arcamone’s (CEO) take on InQuest FDR in this blog.

Also, you can get a more in-depth understanding of FDR by checking out our InQuest FDR 6-part blog/video series from Pedram Amini (CTO). The first article is here.

InQuest Email Security Assessment
This month we harvested 948 samples from the wild capable of bypassing either Microsoft or Google. Of those, Microsoft missed 481 (51%), and Google missed 496 (52%). The distribution of misses by file type is depicted below:
InQuire for a free, personalized email security assessment!
Latest InQuest Blog Posts

Pulling together the pieces to build the puzzle

Posted on 2022-08-18 by David Ledbetter

Follow along through the dissection and analysis of an oddly obfuscated maldoc that ultimately delivers the well-known GOZI ISFB banking trojan.

Read more

Office Files, RTF files, Shellcode and more shenanigans

Posted on 2022-08-29 by David Ledbetter

In a previous post, we discussed the “@” symbol used to separate an apparently legitimate URL from the real target. In this case, there has been a small flood using the URL of “http://jmcglone.com@” with many different URLs or IP addresses after the “@” symbol.

Read more
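The “@” lure described above works because everything before the “@” in a URL is the userinfo (username/password) field, and the client connects to whatever host follows it. The following triage helper is an added example, not code from the post or from InQuest; it uses only Python’s standard `urllib.parse` to pull out the decoy text and the real destination host, and flags URLs whose userinfo looks like a domain name. The function names (`resolve_target`, `is_decoy_url`, `triage`) and the sample URLs are constructed for this illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample URLs (not taken from the newsletter). The first two use the
# userinfo trick: the text before '@' is a decoy, the real host follows it.
SAMPLE_URLS = [
    "http://jmcglone.com@198.51.100.23/login",
    "http://jmcglone.com@decoy-target.example/path?x=1",
    "https://jmcglone.com/about",
    "ftp://alice:secret@files.example.net/pub/",
]

# Loose check: does a userinfo string look like a hostname (dot-joined labels)?
HOSTLIKE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$", re.IGNORECASE)


def resolve_target(url):
    """Return (decoy, real_host, port) for a URL.

    decoy is the userinfo text before '@' when present (user or user:pass),
    else None. Browsers and HTTP libraries connect to real_host, never to decoy.
    """
    parts = urlsplit(url)
    real_host = parts.hostname  # lower-cased host after any '@'
    port = parts.port           # None when no explicit port
    decoy = None
    if parts.username is not None:
        decoy = parts.username
        if parts.password is not None:
            decoy = f"{decoy}:{parts.password}"
    return decoy, real_host, port


def is_decoy_url(url):
    """True when the userinfo part looks like a domain name (the lure pattern)."""
    decoy, real_host, _ = resolve_target(url)
    if decoy is None or real_host is None:
        return False
    # Only the username portion is compared; a credential like alice:secret is not a lure.
    return bool(HOSTLIKE.match(decoy.split(":", 1)[0]))


def triage(urls):
    """Return (url, real_host, flagged) for each URL so an analyst can see where it really goes."""
    return [(u, resolve_target(u)[1], is_decoy_url(u)) for u in urls]


if __name__ == "__main__":
    for url, host, flagged in triage(SAMPLE_URLS):
        print(f"{'SUSPECT' if flagged else 'ok     '}  {host:<28} {url}")
```

Note that `urlsplit` follows the standard URL grammar, so a bare `alice:secret@` credential is not flagged; only a userinfo string shaped like a domain (the decoy pattern in the post) trips the check. Run it over extracted URLs from mail or proxy logs to surface which host each link actually resolves to.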
InQuest Labs Research Spotlight

Unpackers and Config Extractors

Tooling to unpack and extract configurations for a variety of malware families.

Read more

Ghidrathon

Ghidrathon is a Ghidra extension that adds Python 3 scripting capabilities to Ghidra. Why? Ghidra natively supports scripting in Java and Jython.

Read more

wtfis

Passive host and domain name lookup tool for non-robots.

Read more
Global Security Events

Brute Ratel: The New Red Teaming Tool Coopted by CTAs

Brute Ratel is a legitimate red team analysis and adversary simulation tool. It has functionality that's similar to Cobalt Strike; teams can use it for reconnaissance, browser pivoting, payload attachments, and other purposes.

Read more

From Ramnit To Bumblebee: Similarities and Code Overlap Shed Light On Relationships Between Malware Developers

A comparative analysis performed by IBM Security X-Force uncovered evidence that suggests Bumblebee malware, which first appeared in the wild last year, was likely developed directly from source code associated with the Ramnit banking trojan.

Read more

H1 2022: Malware and Vulnerability Trends Report

This report examines trends in malware use, distribution, and development, and high-risk vulnerabilities disclosed by major hardware and software vendors between January 1 and June 30, 2022.

Read more
InQuest Insider - Your monthly resource for the latest in cyber security news, trends, tips and tools. Subscribe here.
Copyright © InQuest 2022