InQuest Labs has been mapping our signature base against the MITRE ATT&CK™ Framework to categorize adversary behavior during cyberattacks and adversary emulation.

ATT&CK™ is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies.

The flexibility to pivot on signatures that map to the ATT&CK™ Framework has provided a robust threat hunting platform in conjunction with threat and data-loss monitoring.

Solutions overview 74366b2a-8b45-4ad8-b7da-ffa64cf0ed87.png
Latest InQuest™ Blog Posts

Field Notes: Multistage Maldoc Delivers Executable Masked as JPG

Posted on 2019-11-13 by Josiah Smith

Our "Field Notes" blog series provides interested readers with a quick analysis of exciting samples that the InQuest Labs team encounters in-the-wild or harvested via the InQuest Labs Platform. Readers are encouraged to utilize this open data portal for the discovery of unique samples that are available for search and download.

Read more be8ff157-d269-49de-8931-52c1115b706e.png

Holiday Blog: Tis the Season

Posted on 2019-11-27 by William MacArthur

The holidays are here! The heavy rotation of holiday music fills our cars with songs like Feliz Navidad and Frosty the Snowman. YES, it is time for some stoplight karaoke with friends, and family (pets). Since this time of year is both fun and a bit stressful, we wanted to briefly go over some commonly observed threats that folks will encounter this holiday season and beyond.

Read more be8ff157-d269-49de-8931-52c1115b706e.png
InQuest™ Labs Research Spotlight


Cyberduck is a libre FTP, SFTP, WebDAV, Amazon S3, Backblaze B2, Azure, OneDrive, and OpenStack Swift file transfer client for Mac and Windows.

Read more 74366b2a-8b45-4ad8-b7da-ffa64cf0ed87.png


An open-source threat intelligence framework that automates extracting artifacts and IOCs from Windows, Linux, Android, Blackberry, macOS binaries and more.

Read more 74366b2a-8b45-4ad8-b7da-ffa64cf0ed87.png


Malcom is a tool designed to analyze a system's network communication using graphical representations of network traffic, and cross-reference them with known malware sources.

Read more 74366b2a-8b45-4ad8-b7da-ffa64cf0ed87.png
Global Security Events

We Don’t Want White Font: Office Macros, Evasion, and Malicious Self-Reference

Rapid7 identified the increased use of a type of malicious document that leverages malformed document headers, white fonts to hide obfuscated JScript code, and embedded VBA macros that execute the document’s contents using WScript.

Read more 74366b2a-8b45-4ad8-b7da-ffa64cf0ed87.png

Wireshark Tutorial: Examining Trickbot Infections

This tutorial offers tips on how to identify Trickbot, an information stealer, and banking malware that has been infecting victims since 2016. Trickbot is distributed through malicious spam (malspam), and it is also distributed by other malware such as Emotet, IcedID, or Ursnif.

Read more 74366b2a-8b45-4ad8-b7da-ffa64cf0ed87.png

Hunting for LoLBins

Attackers' trends tend to come and go. But one popular technique we see at this time is the use of living-off-the-land binaries — or "LoLBins." LoLBins are used by different actors combined with fileless malware and legitimate cloud services to improve the chances of staying undetected within an organization, usually during post-exploitation attack phases.

Read more 74366b2a-8b45-4ad8-b7da-ffa64cf0ed87.png
InQuest™ Insider - Your monthly resource for the latest in cyber security news, trends, tips and tools. Subscribe here.
Copyright © InQuest™ 2019

This email was sent to *|EMAIL|*
why did I get this?    unsubscribe from this list    update subscription preferences