Update Qakbot Craigslist Domains.md

2021-11-02 12:42:17 -07:00 · 2021-11-02 12:42:17 -07:00 · c3face98fe
--- a/Delivery/Qakbot
+++ b/Delivery/Qakbot
@ -2,7 +2,7 @@
 Qakbot operators have been observed using the Craigslist messaging system as a lure in malicious emails. These emails contain non-clickable links to malicious domains impersonating Craigslist, which the user is instructed to manually type into the address bar to access.

 ## Query
-This query looks for network connections to domains impersonating Craigslists and are associated with the delivery of Qakbot.
+This query looks for network connections to domains impersonating Craigslist which are associated with the delivery of Qakbot.
 ```
 DeviceNetworkEvents
 | where RemoteUrl matches regex @"abuse\.[a-zA-Z]\d{2}-craigslist\.org"