https://news.sophos.com/en-us/2023/02/06/qakbot-onenote-attacks/
@SophosXOps
Our coverage of this #malware campaign includes a breakdown of the attack chain, IOCs, and some other curious details -- such as the fact that the embedded graphic elements were originally added to the document using filenames in the Russian language. "Curious," that.
People unfamiliar with OneNote as a weaponized document format should get used to this; #QakNote #maldocs are probably here to stay -- at least, until mail server admins decide to block all inbound .one attachments. 6/6
The Defender's Guide to #OneNote #MalDocs
https://opalsec.substack.com/p/the-defenders-guide-to-onenote-maldocs