Posted on 2020-05-12 by Josiah Smith
Beyond identifying, extracting, and exposing malicious content from hundreds of file types, InQuest Deep File Inspection (DFI) uses machine vision and optical character recognition (OCR) to identify the social engineering component of a variety of malware lures. This is one of the myriad techniques we employ to detect novel malware that may leverage previously unseen pivots.
Posted on 2020-05-06 by William MacArthur, Amirreza Niakanlahiji, and Pedram Amini
In this blog, we dissect a novel and stealthy Excel macrosheet-fueled malware campaign that currently bypasses most protection stacks to deliver ZLoader to its victims. We trace its earliest appearance to Monday, May 4th (Star Wars Day), and continue to actively track this evolving campaign.
Posted on 2020-04-21 by Josiah Smith
Whether it's intellectual property, proprietary code, personal data, or financial information, the goal of information security is to protect those assets. However, data breaches have become commonplace and, per Digital Guardian, cost an average of $3.92 M each in 2019.
Posted on 2020-03-20 by William MacArthur
In this quick end-of-the-week post, we wanted to touch on the ubiquitous COVID-19 (aka Corona Virus). We share an interesting lure, related malware, and some IOCs for colleagues to dig into while society as a whole is relegated to solitude in our homes. Our posting here is in no way comprehensive: there is a myriad of malware campaigns, disinformation operations, and general scamming revolving around this very concerning topic. Our goal is to further awareness and share some knowledge in the process.
Posted on 2020-03-18 by Amirreza Niakanlahiji and Pedram Amini
In this post, we provide a detailed analysis of an interesting Excel 4.0 XLM macrosheet maldoc distribution campaign that is tied to a variety of executable payloads, a subject matter we'll be covering in a future blog. As of the time of writing, detection rates for this class of attack are relatively low, and these samples happily bypass the internal GSuite and O365 protection mechanisms.