It's no secret that client-side attacks are a common source of compromise for many organizations. Web browser and e-mail borne malware campaigns target users through phishing, social engineering, and exploitation. Office suites from vendors such as Adobe and Microsoft are ubiquitous and provide a rich and ever-changing attack surface. Low user awareness and creative social engineering tactics frequently result in users consenting to the execution of malicious embedded logic such as macros, JavaScript, ActionScript, and Java applets.

Our curated gallery of malware lures is an ever-growing collection of images we extract from the millions of real-world malicious files we analyze daily. Malware operators prefer image-based lures over text-based ones as it creates a blind spot for any security solution not equipped with modern computer vision and text recognition models.

View more at the InQuest Malware Lures Gallery!

Latest InQuest™ Blog Posts

Cerbero Suite: The Hacker’s Multitool

Posted on 2020-10-13 by Erik Pistelli

Reverse engineering malicious documents with Cerbero Suite. The Hacker's Multitool provides functionality to aid in a multitude of analysis needs. With support for Office Documents, PDFs, images, Email, RTF, and SDK is just the beginning. There is also the flexibility to analyze Windows memory and crash dumps or to integrate with Ghidra. For in-depth malware analysis, make sure to subscribe to their YouTube channel.

Cybersecurity Awareness Month

Posted on 2020-10-26 by Josiah Smith

Cybersecurity Awareness Month was launched in 2004 as a broad effort to help all Americans stay safer and more secure online. Over the years, the program's themes have changed with technology and matured into a widespread initiative. This blog admires the effort of the security industry and governmental organization inspiring to create change and keep cyberspace safe.

InQuest™ Labs Research Spotlight

Aurora Incident Response

Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders.

CobaltStrikeScan

Scans Windows process memory for evidence of DLL injection and performs a YARA scan on the target process' memory for Cobalt Strike v3 and v4 beacon signatures.

PhishingKit Hunter

A tool made for identifying phishing kits URLs used in phishing campaigns targeting your customers and using some of your own website files (as CSS, JS, ...).

Global Security Events

GRU Hackers' Destructive Malware and International Cyber Attacks

A federal grand jury in Pittsburgh returned an indictment charging six computer hackers, all of whom were residents and nationals of the Russian Federation and officers in Unit 74455 of the Russian Main Intelligence Directorate (GRU).

Microsoft and others orchestrate takedown of TrickBot botnet

Microsoft, ESET, Symantec, and partners spent months collecting more than 125,000 TrickBot malware samples, analyzing their content. With this information in hand, Microsoft went to court this month and asked a judge to grant it control over TrickBot servers.

Chrome zero-day in the wild

Google has rolled out an update to its Chrome web browser that fixes five security flaws, including a vulnerability that is known to be actively exploited by attackers. The vulnerability appears to relate to the memory-corruption flaw that causes heap buffer overflow in FreeType.

Useful Links

Support

Social

Twitter

GitHub

InQuest™ Insider - Your monthly resource for the latest in cyber security news, trends, tips and tools. Subscribe here.

Unsubscribe here.