The InQuest Insider
October 26, 2018
Tools and Tips
Multi-Scanning Engine Integration

Most modern anti-malware solutions have limitations when it comes to the detection, inspection, and mitigation of embedded file content. This results from the tendency of malware to be nested in multiple layers of an application, making its detection extremely difficult. InQuest’s platform enables users to create and apply custom static analysis signatures leveraging the same performance and deep analytics benefits as the rest of the platform. This allows for multi-engine scanning using the latest information about emerging malware threats.

In addition to the onboard, multi-scanning that InQuest provides from numerous Threat Discovery Engines, we also have an external integration with OPSWAT’s Advanced Threat Prevention Platform. OPSWAT pioneered the concept of combining the scanning results of multiple antiviruses to produce a more accurate determination of the probability that a given file is malicious.

The OPSWAT Metadefender Platform is a hardware appliance that scans a file using over thirty major antivirus engines to maximize the probability that known malware is correctly identified.

Click below to learn more about how we beat traditional Anti-Virus

Read More
Latest InQuest Blog Posts
Dissecting TrickBot
Adam Swanda / 2018-10-09

After the demise of the Dyreza banking malware, the banking trojan vacuum was filled by the TrickBot malware family. TrickBot is an advanced banking and information stealing trojan which is modular in design and can propagate through a network .

Read More
Stringless YARA Rules
Rob King / 2018-09-30

At InQuest, YARA is one of the many tools we use to assist in deep-file inspection. Since InQuest operates at line speed in very high-traffic networks, our rules need to be just as fast. Here we examine how to optimize YARA signatures to increase performance.

Read More
Emotet phishing campaign
Adam Swanda / 2018-09-03

Emotet is one of the most prevalent malware families in the cybercrime realm in 2018. In this case we will look at an Emotet phishing campaign that led to the delivery of not just one malware family but three; AZORult, IcedID, and TrickBot.

Read More
InQuest Labs Research Spotlight
An extendable tool to extract and aggregate IOCs from threat sources.
Read More
Interactive OSINT artifact enrichment and management framework.
Read More
Advanced and customizable Indicator of Compromise extractor.
Read More
Global Security Events
FireEye attributes TRITON malware to Russian laboratory

FireEye Intelligence reports that a Russian government-owned laboratory has ties to the development of the Industrial Control malware TRITON, and a new malware family known as TEMP.Veles.

Read More
Remote exploitation vulnerability in LibSSH affects multiple vendors

The CVE-2018-10933 vulnerability in libssh allows attackers easy access to vulnerable SSH servers by modifying a message during the authentication process.

Read More
Cyber-espionage campaign Operation Oceansalt targets US, Canada, and South Korea

A new cyber-espionage operation by unknown threat actor focusing on data reconnaissance targets institutions in multiple countries.

Read More
Useful Links
InQuest Insider - Your monthly resource for the latest in cyber security news, trends, tips and tools. Subscribe here:
Copyright © InQuest 2018