Red Canary on Twitter: "Over the past few hours, we’ve observed malicious phishing emails associated with the delivery affiliate TR in multiple customer environments. The infection scheme was consistent, executing in the following pattern: OneDrive phishing page -> ZIP download -> malicious XLSB -> Qbot" / Twitter
https://twitter.com/redcanary/status/1494786699007860736