In recent months, there has been continuous media coverage of the geopolitical tensions in Eastern Europe around the threats of a Russian invasion of Ukraine. As one may expect, there has been an observable uptick in cyberattacks on related government networks and personnel.
Some time ago, we discovered a large wave of phishing emails with an exciting delivery method. This article will describe this method and show how it works, starting from a malicious document. We will explore the following documents, each with a beautiful visual lure that abuses the names and logos of Chase Bank and Bank of America.
With the holiday season upon us and Log4j-nia still keeping most of us awake at night, we want to revisit an old chum who continues to operate in full swing amidst the chaos.
Throughout InQuest's research into detecting maldocs, deserving attention has been given to the graphical asset that is used as the coercive lure. From "Worm Charming", InQuest's Malware Lures Gallery, and Optical Character Recognition inspection of the instructive text to enable embedded logic, uncountable wins have been brought to the community's attention. This quick blog details a couple of approaches for acquiring maldoc images without the need to open the document and copy the image.
A common tactic seen used in Phishing campaigns today is to embed the phish within Google's Firebase Cloud Storage platform called Firebase. Follow along with this workflow to analyze some phishing lures.
The holidays are here! The heavy rotation of holiday music fills our cars with songs like Feliz Navidad and Frosty the Snowman. YES, it is time for some stoplight karaoke with friends, and family (pets). Since this time of year is both fun and a bit stressful, we wanted to briefly go over some commonly observed threats that folks will encounter this holiday season and beyond.
ThreatIngestor helps you collect threat intelligence from public feeds, and gives you context on that intelligence so you can research it further, and put it to use protecting yourself or your organization. In this post, we will go through the process of making a twitter bot.