Windows App Layer Protocol Qakbot NamedPipe

Application Layer Protocol

Detect Rare Executables

Windows Modify Registry Qakbot Binary Data Registry

Modify Registry

Zeek x509 Certificate with Punycode

Encrypted Channel

Splunk Data exfiltration from Analytics Workspace using sid query

Exfiltration Over Web Service