Qakbot, Qbot, Pinkslipbot, and QuakBot are all names for the same complex malware. Researchers have noticed Qakbot operations leveraging OneNote papers for spreading distribution. It has been operational for well over a decade. This adds Qbot to the list of malware that uses this technique of distribution.
The campaigns alternate between two attack vectors: an email attachment containing a malicious file and a URL that can be used to download it. A call-to-action button is present in the OneNote documents, and clicking it launches the payload.