Potential Qakbot Registry Activity

Rule Info

Name
Potential Qakbot Registry Activity
Author
Hieu Tran
Description
Detects a registry key used by IceID in a campaign that distributes malicious OneNote files
Reference
https://www.zscaler.com/blogs/security-research/onenote-growing-threat-malware-distribution
Date
2023-03-13 00:00:00
Modified
None
Id
1c8e96cd-2bed-487d-9de0-b46c90cade56
Tags
attack.defense_evasion attack.t1112 DEMO
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=1c8e96cd-2bed-487d-9de0-b46c90cade56

Rule History

Author
Title
Date
Commit
github-actions[bot]
Merge PR #4700 from @nasbench - Promote older rules status from `experimental` to `test`
2024-02-01
367ebd939
Nasreddine Bencherchali
Merge PR #4482 From @nasbench - Add New Automation Workflows
2023-10-18
95793d73b
Hieu Tran
feat: new rules related to ZScaler blog - OneNote: A Growing Threat for Malware Distribution (#4111)
2023-03-17
0e934bd4b
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022