February 2023

Microsoft OneNote is a file type now entrenched in the ongoing saga of abused file formats leveraged by adversaries to reach through defenses and deliver malware payloads to end users. Recently, we have seen OneNote's sudden rise to prominence, following a pattern of other types of files used in the same capacity.

December 2022

Those who keep tabs on ransomware are no doubt aware of the Black Basta ransomware group. They’ve gained their share of notoriety since some of the group’s malicious code was first detected back in April of 2022.

November 2022

Key Takeaways: TOAD (Telephone-oriented attack delivery) threat actors are still an active threat in Q4 2022 with no indications of attacks diminishing in the near future.InQuest believes that attacks will likely increase in frequency as we enter th

September 2022

For several months I have seen documents with an embedded file and 2 versions of shellcode in the document property values for “Company” and “category”. The VBA code also makes use of “custom.xml” to get obfuscated custom properties for use in the vba. Looking around the only information I have seen so far was this great write-up by HP Threat Research located here.
=""> You can’t throw a rock these days without hitting a security threat intelligence feed. There is a veritable cornucopia of feeds provided by security solution vendors, vendors who focus solely on security research and, of course, public / open source agencies.

August 2022

The threat landscape is said to be changing all the time. But is it really? In some ways yes, in some ways no.

June 2022

Without doubt, one of the hottest and most stressful regions on the planet currently is Eastern Europe. The military conflict that has been ongoing for more than 4 months has unfortunately claimed many victims and is fueling an economic and food crisis in several nations spanning across the globe. This far reaching tension also bleeds into cyberspace.

April 2022

February 2022

In recent months, there has been continuous media coverage of the geopolitical tensions in Eastern Europe around the threats of a Russian invasion of Ukraine. As one may expect, there has been an observable uptick in cyberattacks on related government networks and personnel.

January 2022

Some time ago, we discovered a large wave of phishing emails with an exciting delivery method. This article will describe this method and show how it works, starting from a malicious document. We will explore the following documents, each with a beautiful visual lure that abuses the names and logos of Chase Bank and Bank of America.

December 2021

With the holiday season upon us and Log4j-nia still keeping most of us awake at night, we want to revisit an old chum who continues to operate in full swing amidst the chaos.

January 2021

Throughout InQuest's research into detecting maldocs, deserving attention has been given to the graphical asset that is used as the coercive lure. From "Worm Charming", InQuest's Malware Lures Gallery, and Optical Character Recognition inspection of the instructive text to enable embedded logic, uncountable wins have been brought to the community's attention. This quick blog details a couple of approaches for acquiring maldoc images without the need to open the document and copy the image.

July 2020

A common tactic seen used in Phishing campaigns today is to embed the phish within Google's Firebase Cloud Storage platform called Firebase. Follow along with this workflow to analyze some phishing lures.

November 2019

The holidays are here! The heavy rotation of holiday music fills our cars with songs like Feliz Navidad and Frosty the Snowman. YES, it is time for some stoplight karaoke with friends, and family (pets). Since this time of year is both fun and a bit stressful, we wanted to briefly go over some commonly observed threats that folks will encounter this holiday season and beyond.

March 2019

ThreatIngestor helps you collect threat intelligence from public feeds, and gives you context on that intelligence so you can research it further, and put it to use protecting yourself or your organization. In this post, we will go through the process of making a twitter bot.