PULSE NAME
OneNote Documents Increasingly Used to Deliver Malware | Proofpoint UK
WHITE TA577 sbik_intel 2023-02-01 Modified: 2023-03-03
86 IOCs
HIGH VOLUME
Proofpoint researchers recently identified an increase in threat actor use of OneNote documents to deliver malware via email to unsuspecting end-users in December 2022 and January 2023. OneNote is a digital notebook created by Microsoft and available via the Microsoft 365 product suite. Proofpoint has observed threat actors deliver malware via OneNote documents, which use the .one file extension, through email attachments and URLs.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
XWorm, Quasar, BEC, AsyncRAT, DOUBLEBACK, OneNote, Qbot
Indicators of Compromise (1 / 86 total)
TYPE | INDICATOR | DESCRIPTION | CREATED
FileHash-MD5 | fc54858ae2e48c9dbe562f68107d1928 | MD5 of 9bf99fc32dc69f213812c3c747e8dd41fef63ad0fd0aec01a6b399aeb10a166a | 2023-02-01