| 2022-06-09 | Brad Duncan | TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt) |
| 2022-04-20 | Brad Duncan | "aa" distribution Qakbot (Qbot) infection with DarkVNC traffic |
| 2022-03-25 | Xavier Mertens | XLSB Files: Because Binary is Stealthier Than XML |
| 2022-03-16 | Brad Duncan | Qakbot infection with Cobalt Strike and VNC activity |
| 2021-11-04 | Brad Duncan | October 2021 Forensic Contest: Answers and Analysis |
| 2021-09-23 | Xavier Mertens | Excel Recipe: Some VBA Code with a Touch of Excel4 Macro |
| 2021-06-30 | Brad Duncan | June 2021 Forensic Contest: Answers and Analysis |
| 2021-03-03 | Brad Duncan | Qakbot infection with Cobalt Strike |
| 2021-02-23 | Jan Kopriva | Qakbot in a response to Full Disclosure post |
| 2021-01-26 | Brad Duncan | TA551 (Shathak) Word docs push Qakbot (Qbot) |
| 2021-01-20 | Brad Duncan | Qakbot activity resumes after holiday break |
| 2020-12-09 | Brad Duncan | Recent Qakbot (Qbot) activity |
| 2020-11-03 | Brad Duncan | Emotet -> Qakbot -> more Emotet |
| 2020-08-19 | Xavier Mertens | Example of Word Document Delivering Qakbot |
| 2020-04-01 | Brad Duncan | Qakbot malspam sent from an infected Windows host |
| 2019-03-13 | Brad Duncan | Malspam pushes Emotet with Qakbot as the follow-up malware |
https://www.sans.edu
