Director of Threat Research & Intelligence @InQuest: All views expressed are from my own brain. “Sharing is caring”

Joined September 2016
William MacArthur retweeted
1 Dec 2023
In an era of sophisticated ⚠️ cyber-attacks, 📝 documenting attack sequences is crucial for proactive🛡️ prevention. 🔗 Read our blog by @anti_Expl0it for a view on threat sequencing and its significance ➡️ hubs.ly/Q02bFstM0 #ThreatSequencing #ThreatIntel #Cybersecurity
William MacArthur retweeted
15 Jun 2023
InQuest and @Threatlabz have analyzed #MysticStealer, a new malware family that extracts data from various sources, including web browsers and cryptocurrency wallets, through its obfuscation techniques ➡️ bit.ly/3N7IHe1 #Malware #CyberSecurity #Cryptocurrency
This is super exciting both personally and professionally. 🦄
28 Feb 2023
📣 We are honored to welcome Chief Intelligence Officer, Darren Spruell ➡️ hubs.ly/Q01DGyHX0 As a long-time collaborator in intelligence-sharing 🧠 communities, Darren has led efforts to maintain data-sharing 🤝relationships in critical industries. #intelligence #FDR
William MacArthur retweeted
New @InQuest blog post covering the recent rise of Microsoft OneNote as a malware carrier: inquest.net/blog/2023/02/27/… We cover the timeline, campaigns, and tools. You can find downloadable samples and YARA detection logic at: github.com/InQuest/malware-s… github.com/InQuest/yara-rule…
William MacArthur retweeted
13 Dec 2022
The holidays are here. Be careful what gifts you open! inquest.net/blog/2022/12/14/… #ransomware #threatintel
William MacArthur retweeted
19 Feb 2022
📌 Watch our intro video, access our open research portal: labs.inquest.net Follow our Blog: inquest.net/blog See our open-source work: github.com/InQuest Connect on LinkedIn: linkedin.com/company/inquest……… Tweets with 🤖 are InQuest Labs automation.
William MacArthur retweeted
8 Nov 2022
Some field notes on an active and successful Phishing campaign that leverages a low-detection document-based lure, to pivot through various hosting providers. Samples, IOCs, and more: inquest-labs.notion.site/202… #phishing #malware #malwareanalysis
William MacArthur retweeted
I'm very excited to share that after countless sleepless nights we're having a break-out year at @InQuest and are looking to double in size in the near term. We're seeking senior talent in both research & development as well as sales & marketing: inquest.net/careers
William MacArthur retweeted
11 Jun 2022
We've just added a notion of "collections" to the file corpus (DFI) of labs.inquest.net. Included today are files from InQuest Macro Clustering (~10k), the Enron leak (~16k), and those from the dataset used in the "Invoice #31415 attached" research paper (~15k).
William MacArthur retweeted
Historic Hotel of America leads to modern malware for their guests. Why securing your inbox with more than just anti-malware engines is needed to prevent cybercrime attacks. Sponsored by @InQuest #cybersecurity #emotet #phishing bleepingcomputer.com/news/se…
William MacArthur retweeted
9 May 2022
Looks like #Qbot is back in action. Green Lure seen at least, where is the blue :P labs.inquest.net/dfi/sha256/… 5.254.118.]198 91.194.11.]15 146.70.87.]163 @James_inthe_box @Cryptolaemus1 @Anti_Expl0it @Autow00t
William MacArthur retweeted
12 Apr 2022
As a follow up to the previous graphic outlining threats affecting #Ukraine, here is a high level blog on observed threats. Big thanks to the #infosec community for making this possible, #SlavaUkraini @Anti_Expl0it @Autow00t @juanandres_gs @flakpaket inquest.net/blog/2022/04/07/…
William MacArthur retweeted
25 Mar 2022
Interesting Doughnut 0 VT Score for a "Test?" Doc leading to #Metasploit labs.inquest.net/dfi/sha256/… FYI: We heard some others seeing some waves of this week. @James_inthe_box @Anti_Expl0it @executemalware @Autow00t
William MacArthur retweeted
18 Mar 2022
An update to our previous graphic we shared on the cyber-front of the #ukraine conflict. This content was collected from various sources and collaborations within the #infosec community. Special thanks to all involved. @Anti_Expl0it @Autow00t @juanandres_gs @flakpaket
William MacArthur retweeted
4 Mar 2022
We are sharing this visual for tracking threat actors/groups related to the current #ukraine conflict. The content was collected from various sources within the #infosec community. Special thanks to all involved. @Anti_Expl0it @Autow00t @juanandres_gs
William MacArthur retweeted
3 Jan 2022
This is an odd one here with extreme uri length directory traversal flavor a .dotm file suffix. AS37963 - ALIBABA (US) TECHNOLOGY. Note labs.inquest.net/dfi/sha256/… @James_inthe_box @JRoosen @Anti_Expl0it @dms1899
William MacArthur retweeted
30 Dec 2021
Seeing a lot of low score #Dridex docs right now... lots of various lures again. labs.inquest.net/dfi/sha256/… @JRoosen @Anti_Expl0it @James_inthe_box @Autow00t