Have you ever wondered if the threat actor campaigns being blogged about by the top cybersecurity companies and researchers would be successful if they targeted your organization?

We scour hundreds of blogs and other SOCMINT/OSINT sources that have been published in the past day, collect mentioned samples, and (safely) test your email security stack against those threats.

Reach out to schedule a FREE Email Security Assessment.

InQuest Email Security Assessment

This month we harvested 519 samples from the wild capable of bypassing either Microsoft or Google. Of those, Microsoft missed 128 (17%), and Google missed 329 (63%). The distribution of misses by file type is depicted below:

InQuire for a free, personalized email security assessment!

Latest InQuest Blog Posts

What’s your name? … My how you have changed.

Posted on 2022-09-21 by David Ledbetter

In this series of five files, we have seen the evolution of this loader implementing new forms of obfuscation in the VBA as well as the shellcode as they steadily progress. We see that it uses Excel as well as Word documents. Since the files are "zipped" then there is not an easy way to build detections against the compressed file. You can’t use size for sections because of different compression ratios.

Hiding in the XML

Posted on 2022-10-03 by David Ledbetter

In this post, I want to cover an item called "CustomXMLParts". Trying to look up this term you can find variations on what it is. In short, it is an XML container to store arbitrary data to be used in the document. The intention for it appears to give the developer a way to change the formatting of the Office document that is not already available or add additional functionality.

InQuest Labs Research Spotlight

Mitmproxy 9

mitmproxy is an interactive man-in-the-middle proxy for HTTP and HTTPS with a console interface.

Artfuscator

A better approach towards psychological warfare against reverse engineers.

evilgophish

Combination of evilginx2 and GoPhish.

Global Security Events

Inside a US military cyber team’s defence of Ukraine

Russia failed to take down Ukrainian computer systems with a massive cyber-attack when it invaded this year, despite many analysts' predictions. The work of a little-known arm of the US military which hunts for adversaries online may be one reason.

Cranefly: Threat Actor Uses Previously Unseen Techniques and Tools in Stealthy Campaign

Symantec has discovered a previously undocumented dropper that is being used to install a new backdoor and other tools using the novel technique of reading commands from seemingly innocuous Internet Information Services (IIS) logs.

Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity

Microsoft has discovered recent activity indicating that the Raspberry Robin worm is part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread.

Useful Links

Support

Social

Twitter

GitHub

InQuest Insider - Your monthly resource for the latest in cyber security news, trends, tips and tools. Subscribe here.

Unsubscribe here.