PULSE NAME
OneNote Documents Increasingly Used to Deliver Malware
WHITE TA577 AlienVault 2023-02-02 Modified: 2023-03-04
45 IOCs, MEDIUM VOLUME
Proofpoint researchers recently identified an increase in threat actor use of OneNote documents to deliver malware via email to unsuspecting end-users in December 2022 and January 2023.
MALWARE FAMILIES
XWorm, Quasar, AsyncRAT, DOUBLEBACK, Qbot, Netwire, Redline
Indicators of Compromise (45)