New: 2026 Gartner® Market Guide for Adversarial Exposure Validation
Learn More
Cymulate named a Customers' Choice in 2025 Gartner® Peer Insights™
Learn More
New Research: The Security Tradeoffs Behind AI Tooling
Learn More
An Inside Look at the Technology Behind Cymulate
Learn More
Book a Demo
Book a Demo

Microsoft OneNote Documents Used To Deliver Malware

February 8, 2023

Malicious actors are distributing spear-phishing emails with malicious Microsoft OneNote documents to infect users with backdoors, remote access trojans, and information stealers. The malicious software used in the campaigns include Qbot, AsyncRAT, Agent Tesla, DOUBLEBACK, Netwire, QuasarRAT, RedLine Stealer, and XWorm. Multiple Windows binaries are used to carry out the operation including PowerShell, cmd.exe, and curl.exe.

Featured Resources

View More Resources
image
blog

MITRE ATT&CK v19 Unpacked: What Changed and How to Operationalize 

MITRE ATT&CK v19 introduces major changes that reshape how organizations understand and validate adversary behavior, including retiring the Defense Evasion tactic and introducing Stealth and Defense Impairment tactics.

Read More
CymuLab Live: A Hands-On Lab
Cymulate Event

CymuLab Live: A Hands-On Lab

Read More
CymuLab Live: A Hands-On Lab
Cymulate Event

CymuLab Live: A Hands-On Lab

Read More