Josiah Smith (@josiahsecurity)'s Twitter Profile
Josiah Smith

@josiahsecurity

ID: 1057430523746889729

Joined: 31-10-2018 00:34:17

172 Tweets

64 Followers

193 Following

InQuest (@inquest)

Excited to add YARAify from our friends at abuse.ch to the Awesome-YARA list. YARAify: yaraify.abuse.ch Awesome-YARA: github.com/InQuest/awesom… #YARA #malware

InQuest (@inquest)

A rather interesting obfuscated #maldoc uploaded from the IR country code. InQuest Labs: labs.inquest.net/dfi/hash/2f796… Macro downloads and runs 114f0a73818653616d41cf4380d3d987 from hxxps://windowsupdates.global.ssl.fastly[.]net/README.md #cobaltstrike #malware Dmitry Melikov 👏

InQuest (@inquest)

🤖 Potentially malicious RTF document found hosted at: hxxps://[email protected]/mee/giv[.]doc SHA256: 3c0c6b9e259384a24123fa8d0f33366b0d6a99de759ac14af0c354a555443339 IOC extracted from sample: labs.inquest.net/dfi/hash/42f0a… (Automated Tweet, maybe a FP)

InQuest (@inquest)

Microsoft Office has been a long favorite delivery mechanism for malicious payloads, from pen-testers to nation-state threat actor groups, and for good reason. Look back over the years detailing some of the most abused vulnerabilities. inquest.net/blog/2022/06/2… #malware #Follina

InQuest (@inquest)

Multistage #Maldoc masquerading as a Ukrainian military payroll document. Obfuscated and geofenced to only infect UA systems. #Gamaredon APT. Calling this one GlowSand. inquest.net/blog/2022/06/2… #ThreatIntelligence

InQuest (@inquest)

When examining the modern threat landscape, empowering your security operations and overcoming the limitations inherent with other #Malware prevention solutions is imperative. A recent #Qbot campaign showcases the intricacies of detection. darkreading.com/perimeter/empo… #threatintel

InQuest (@inquest)

A few days ago we discovered an interesting document spoofing a contract for the supply of services to an energy company from southern Iran. Since this family of #maldocs was not previously known, we call it Green Stone. inquest.net/blog/2022/07/2… #ThreatHunting #ThreatIntel

InQuest (@inquest)

Join the Hunt on August 11th from 5 to 8 at the 1923 Prohibition Bar directly off of Mandalay Bay's casino floor. No projectors, presos, or pitches. Just an informal gathering with industry veterans. Register at inquest.net/blackhat #BlackHat22 #malware #ThreatIntelligence

InQuest (@inquest)

File-borne attacks are a mainstay of the threat landscape and InQuest’s Pedram Amini takes a deep dive into File Detection and Response (FDR) as a way to prevent such attacks. He describes what automated threat hunting is and how it can make a difference. youtube.com/watch?v=G4rfzA…

InQuest (@inquest)

Not sure what these bad actors fancy about Jon McGlone, but waves of #maldocs obfuscate stage-two with his website. Read through the attack-chain within this new blog: RTF files, Shellcode and More Shenanigans inquest.net/blog/2022/08/2… #ThreatIntel #malware

InQuest (@inquest)

Excited to show part 4 of the File Detection and Response #FDR blog series from Pedram Amini: How FDR Helps with the SecOps Staffing Dilemma inquest.net/blog/2022/09/0… #secops #CyberSecurityExpert

InQuest (@inquest)

Password cracking for the win: labs.inquest.net/dfi/sha256/60c… Arabic language lure uploaded from Palestine. Passwords include "decrypt-zip2022" and "decrypt-office". Zero AV detections. The payload domain 'rep-console[.]com' is unresponsive, potentially geofenced, registered on 7/18.

InQuest (@inquest)

Emotet is back, clever graphical coercion rule pretending to be an official Microsoft yellow "ribbon". Good pivot opportunity for collating samples: labs.inquest.net/dfi/search/ext… Sprinkle a little bash and JQ around github.com/inquest/python… and we can pull a list of payload domains...

InQuest (@inquest)

InQuest Labs has observed an uptick in TOAD (Telephone-oriented attack delivery) threat actors targeting personal and business email, presumably in line with the coming holiday shopping season. Blog: inquest.net/blog/2022/11/2… #ThreatIntel #Phishing #cybersecurityawareness

InQuest (@inquest)

The Importance of Email Hygiene. #Email hygiene in the world of security has to do with configuring a set of email authentication and verification methods for your domain. Free email hygiene analysis: fdr.inquest.net/automated-hygi… Blog: inquest.net/blog/2022/12/2…

InQuest (@inquest)

🚀 InQuest & ThreatConnect, Inc. unite to revolutionize threat intelligence and cybersecurity. 🌐✨ bwnews.pr/48sqvVW 🔍 InQuest's unparalleled file-based analysis and unique threat intel now integrates seamlessly with ThreatConnect's TI Ops Platform. This powerful

InQuest (@inquest)

Huge shout out to Peter Stewart, Yashraj Solanki, and Denice 🤠 for completing the #100DaysOfYARA challenge. We've published an overview post on the second half: inquest.net/blog/100-days-… ICYMI, our first post from the halfway mark can be found here: inquest.net/blog/100-days-…

InQuest (@inquest)

🌐 Exciting news for online safety! 🌐 We're thrilled to announce our partnership with Quad9, bringing top-notch threat intelligence from InQuest to enhance internet security worldwide. Together, we're raising the bar against cyber threats like never before!