Huge shout out to @petermstewart,
@RustyNoob619, and @de3ev for completing the #100DaysOfYARA challenge. We've published an overview post on the second half:
https://t.co/6wibjvplBk
ICYMI, our first post from the halfway mark can be found here:
https://t.co/Dh86euoTbH
We're avid users and huge fans of YARA at InQuest. If anyone has additions to the Awesome YARA project, please reach out, open an issue, or better yet a PR:
https://t.co/bBtEA2rq8e
🌐 Exciting news for online safety! 🌐
We're thrilled to announce our partnership with @Quad9DNS, bringing top-notch threat intelligence from @InQuest to enhance internet security worldwide. Together, we're raising the bar against cyber threats like never before!
https://t.co/7WUZe8jH9w
#CyberSecurity #Partnership
🚀 InQuest & @ThreatConnect unite to revolutionize threat intelligence and cybersecurity. 🌐✨ https://t.co/YeC8IR3jP4
🔍 InQuest's unparalleled file-based analysis and unique threat intel now integrates seamlessly with ThreatConnect's TI Ops Platform. This powerful collaboration offers CTI analysts and security teams advanced indicators of compromise (IOCs) to enhance detection capabilities, minimize false positives, and stay ahead of cyber threats. 🛡️💻
#CyberSecurity #ThreatIntelligence #SecurityOps #ThreatDetection #ThreatPrevention #InfoSec #SIEM #ThreatHunting
The Importance of Email Hygiene
#Email hygiene in the world of security has to do with configuring a set of email authentication and verification methods for your domain.
Free email hygiene analysis: https://t.co/nNvQm10DYE
Blog: https://t.co/N2OzIGJT60
InQuest Labs has observed an uptick in TOAD (Telephone-oriented attack delivery) threat actors targeting personal and business email, presumably in line with the coming holiday shopping season.
Blog: https://t.co/fLXBSqR641
#ThreatIntel#Phishing#cybersecurityawareness
Emotet is back, clever graphical coercion rule pretending to be an official Microsoft yellow "ribbon". Good pivot opportunity for collating samples:
https://t.co/AOIcgfllYi
Sprinkle a little bash and JQ around https://t.co/pn9O45lead and we can pull a list of payload domains...
Password cracking for the win:
https://t.co/CpY55gQu5L
Arabic language lure uploaded from Palestine. Passwords include "decrypt-zip2022" and "decrypt-office". Zero AV detections. The payload domain 'rep-console[.]com' is unresponsive, potentially geofenced, registered on 7/18.
Excited to show part 4 of the File Detection and Response #FDR blog series from @pedramamini
How FDR Helps with the SecOps Staffing Dilemma
https://t.co/hdAGXNZFwG
#secops#CyberSecurityExpert
Not sure what these bad actors fancy about Jon McGlone, but waves of #maldocs obfuscate stage-two with his website.
Read through the attack-chain within this new blog:
RTF files, Shellcode and More Shenanigans
https://t.co/lPsADyLBeh
#ThreatIntel#malware
File-borne attacks are a mainstay of the threat landscape and InQuest’s @pedramamini takes a deep dive into File Detection and Response (FDR) as a way to prevent such attacks. He describes what automated threat hunting is and how it can make a difference.
https://t.co/Dq79gsf0gk
Join the Hunt on August, 11th from 5 to 8 at the 1923 Prohibition Bar directly off of Mandalay Bay's casino floor.
No projectors, presos, or pitches. Just an informal gathering with industry veterans. Register at
https://t.co/scC8BlLWyX
#BlackHat22#malware#ThreatIntelligence
A few days ago we discovered an interesting document spoofing contract for the supply of services to an energy company from southern Iran.
Since this family of #maldocs was not previously known, we call it Green Stone.
https://t.co/R16NumItAD
#ThreatHunting#ThreatIntel
When examining the modern threat landscape, empowering your security operations and overcoming the limitations inherent with other #Malware prevention solutions is imperative.
A recent #Qbot campaign showcases the intricacies of detection.
https://t.co/qIJPoYTMwr
#threatintel
Multistage #Maldoc masquerading as a Ukrainian military payroll document. Obfuscated and geofenced to only infect UA systems. #Gamaredon APT
Calling this one GlowSand.
https://t.co/I3m4Kj5blh
#ThreatIntelligence
Microsoft Office has been a long favorite delivery mechanism for malicious payloads, from pen-testers to nation-state threat actor groups, and for good reason. Look back over the years detailing some of the most abused vulnerabilities.
https://t.co/B2jhUN1oNs
#malware#Follina
A rather interesting obfuscated #maldoc uploaded from the IR country code.
InQuest Labs: https://t.co/cqKoPuFrky
Macro downloads and runs
114f0a73818653616d41cf4380d3d987 from hxxps://windowsupdates.global.ssl.fastly[.]net/README.md
#cobaltstrike#malware@DmitriyMelikov 👏