Pulse Detail — Threat Intelligence

PULSE NAME

OneNote Documents Increasingly Used to Deliver Malware

WHITE TA577 AlienVault 2023-02-02 Modified: 2023-03-04

IOCs

MEDIUM VOLUME

Proofpoint researchers recently identified an increase in threat actor use of OneNote documents to deliver malware via email to unsuspecting end-users in December 2022 and January 2023.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1566 T1204 T1530 T1135 T1547 T1059 T1204

MALWARE FAMILIES

XWorm Quasar AsyncRAT DOUBLEBACK Qbot Netwire Redline

Indicators of Compromise (1 / 45 total)

All domain FileHash-MD5 FileHash-SHA1 FileHash-SHA256 hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	fc54858ae2e48c9dbe562f68107d1928	MD5 of 9bf99fc32dc69f213812c3c747e8dd41fef63ad0fd0aec01a6b399aeb10a166a	2023-02-02

References (1)

↗ https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware