MALWARE-OTHER One.Dropper.Qakbot variant binary download attempt
This rule inspects Microsoft OneNote documents for evidence of an embedded malicious Qakbot (qbot) binary.
This rule will alert when a malicious Microsoft OneNote document containing Qakbot (qbot) malware is detected over the wire.
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE::ATT&CK Framework::Enterprise::Initial Access::Drive-by Compromise
Rule Categories::Malware::Other
Rule Categories::File::Office
MITRE::ATT&CK Framework::Enterprise::Initial Access::Valid Accounts::Local Accounts
None
No information provided
None