diff --git a/rules-emerging-threats/2023/Malware/Qakbot/README.md b/rules-emerging-threats/2023/Malware/Qakbot/README.md index 2e50a2b2e88..a858b4bda03 100644 --- a/rules-emerging-threats/2023/Malware/Qakbot/README.md +++ b/rules-emerging-threats/2023/Malware/Qakbot/README.md @@ -8,6 +8,7 @@ You can find more information on the threat in the following articles: - [Qakbot - malpedia](https://malpedia.caad.fkie.fraunhofer.de/details/win.qakbot) - [Qakbot- pr0xylife](https://github.com/pr0xylife/Qakbot/) +- [DOCUMENTS AND RESOURCES RELATED TO THE DISRUPTION OF THE QAKBOT MALWARE AND BOTNET](https://www.justice.gov/usao-cdca/divisions/national-security-division/qakbot-resources) ## Rules @@ -15,3 +16,4 @@ You can find more information on the threat in the following articles: - [Potential Qakbot Rundll32 Execution](./proc_creation_win_malware_qakbot_rundll32_execution.yml) - [Qakbot Rundll32 Exports Execution](./proc_creation_win_malware_qakbot_rundll32_exports.yml) - [Qakbot Rundll32 Fake DLL Extension Execution](./proc_creation_win_malware_qakbot_rundll32_fake_dll_execution.yml) +- [Qakbot Uninstaller Execution](./proc_creation_win_malware_qakbot_uninstaller_cleanup.yml) diff --git a/rules-emerging-threats/2023/Malware/Qakbot/proc_creation_win_malware_qakbot_uninstaller_cleanup.yml b/rules-emerging-threats/2023/Malware/Qakbot/proc_creation_win_malware_qakbot_uninstaller_cleanup.yml new file mode 100644 index 00000000000..7c18a07969c --- /dev/null +++ b/rules-emerging-threats/2023/Malware/Qakbot/proc_creation_win_malware_qakbot_uninstaller_cleanup.yml 
@@ -0,0 +1,28 @@ +title: Qakbot Uninstaller Execution +id: bc309b7a-3c29-4937-a4a3-e232473f9168 +status: experimental +description: Detects the execution of the Qakbot uninstaller file mentioned in the USAO-CDCA document on the disruption of the Qakbot malware and botnet +references: + - https://www.justice.gov/usao-cdca/divisions/national-security-division/qakbot-resources + - https://www.virustotal.com/gui/file/7cdee5a583eacf24b1f142413aabb4e556ccf4ef3a4764ad084c1526cc90e117/community + - https://www.virustotal.com/gui/file/fab408536aa37c4abc8be97ab9c1f86cb33b63923d423fdc2859eb9d63fa8ea0/community +author: Florian Roth (Nextron Systems) +date: 2023/08/31 +tags: + - detection.emerging_threats + - attack.execution +logsource: + category: process_creation + product: windows +detection: + selection: + - Image|endswith: '\QbotUninstall.exe' + - Hashes|contains: + - 'IMPHASH=E772C815072311D6FB8C3390743E6BE5' + - 'SHA256=559CAE635F0D870652B9482EF436B31D4BB1A5A0F51750836F328D749291D0B6' + - 'SHA256=855EB5481F77DDE5AD8FA6E9D953D4AEBC280DDDF9461144B16ED62817CC5071' + - 'SHA256=FAB408536AA37C4ABC8BE97AB9C1F86CB33B63923D423FDC2859EB9D63FA8EA0' + condition: selection +falsepositives: + - Unlikely +level: high
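Review bot: In the README link hunk, the new entry's link text is in all caps ("DOCUMENTS AND RESOURCES RELATED TO THE DISRUPTION OF THE QAKBOT MALWARE AND BOTNET") while the neighbouring entries use short mixed-case names such as "Qakbot - malpedia"; consider shortening it to something like "Qakbot disruption resources - justice.gov" so the list reads consistently.

Review bot: In the new rule, the `references` block cites the VirusTotal page for `7cdee5a583eacf24b1f142413aabb4e556ccf4ef3a4764ad084c1526cc90e117`, but that hash does not appear in the `Hashes|contains` list (which carries `559CAE...`, `855EB5...` and `FAB408...`), and the two `559CAE...`/`855EB5...` values have no matching reference; either add the referenced hash to the selection or document where the other two come from so a reviewer can verify them. Two smaller points: the `Hashes` branch only matches when the event source populates that field (e.g. Sysmon configured to log SHA256 and IMPHASH), which is worth a line in `description` since on plain Security 4688 telemetry only the `Image|endswith: '\QbotUninstall.exe'` branch can fire; and since this binary was run on already-infected hosts as part of the takedown, `description` could state that a hit indicates a prior Qakbot infection rather than new malicious activity, which justifies `level: high` despite the tool itself being benign.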