← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
OneNote Documents Increasingly Used to Deliver Malware
WHITE TA577 AlienVault 2023-02-02 Modified: 2023-03-04
45
IOCs
MEDIUM VOLUME
Proofpoint researchers recently identified an increase in threat actor use of OneNote documents to deliver malware via email to unsuspecting end-users in December 2022 and January 2023.
qbotonenotedoublebackasyncratquasarxwormagentteslaredlinenetwirepowershelllnk file
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
XWorm Quasar AsyncRAT DOUBLEBACK Qbot Netwire Redline
Indicators of Compromise (1 / 45 total)
All domain FileHash-MD5 FileHash-SHA1 FileHash-SHA256 hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA1 70352ca74fa8d31d6b1779b56c4fb16834d4e4c6 SHA1 of 9bf99fc32dc69f213812c3c747e8dd41fef63ad0fd0aec01a6b399aeb10a166a 2023-02-02
References (1)
↗ https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware