New: Threat Exposure Validation Impact Report 2025
Learn More
Join our Summer Webinar Series on Threat Exposure Validation
Register Now

Microsoft OneNote Documents Used To Deliver Malware

February 8, 2023

Malicious actors are distributing spear-phishing emails with malicious Microsoft OneNote documents to infect users with backdoors, remote access trojans, and information stealers. The malicious software used in the campaigns include Qbot, AsyncRAT, Agent Tesla, DOUBLEBACK, Netwire, QuasarRAT, RedLine Stealer, and XWorm. Multiple Windows binaries are used to carry out the operation including PowerShell, cmd.exe, and curl.exe.