As Emotet and Qakbot are both delivered through MalSpam, Binary Defense recommends employing email threat filtering systems and educating employees to use caution when opening attachments from external senders. It is best to not enable macros on suspicious-looking documents contained in emails. To help organizations block or detect suspicious network traffic, all Command and Control (C2) IP addresses found to be used by these threats are uploaded to Binary Defense’s public OTX feed. All URLs found are uploaded to URLhaus, which is a public database of malicious URLs. As all of these infections can lead to more serious issues down the line, including ransomware and PII theft, Binary Defense also recommends the use of an EDR solution with monitoring by skilled analysts 24 hours a day, which will either pick up the initial infection or will pick up the resulting reconnaissance efforts carried out by the ransomware actors to stop intrusions in the early stages.