SquirrelWaffle: New Malware Loader Delivering Cobalt Strike and QakBot
In September of 2021, a new malware family named SquirrelWaffle joined the threat landscape. It spread through infected Microsoft Office documents attached in spam emails. The infection flow starts with a ZIP file that contains the infected Office document. When the file is opened by the victim, the malicious VBA macros download SquirrelWaffle DLL, which eventually leads to deploying another threat, such as CobaltStrike or QakBot.