Detecting QakBot: WSF attachments, OneNote files, and generic attack surface reduction
This post will cover a brief timeline of QakBot’s evolution, and focus primarily on recently observed attack techniques. We’ll discuss detection methodologies and share MQL rules that anyone can use to detect, prevent, and hunt for these threats in email environments today. If you're already running Sublime, you received these new protections automatically.
April 12, 2023
Sam Scholten, Detection Engineering