
Attackers are using OneNote files to infiltrate systems by embedding malicious payloads, with OneNote becoming a popular option after macros were disabled.

The attack is not new, with techniques ranging from phishing to sharing OneNote files, and payloads including RATs and information stealers.

To detect and respond to these attacks, it is recommended to check strings of .one files, monitor OneNote’s child process executions, and check for suspicious use of built-in Windows binaries. Windows and 7-Zip have fixed bugs that allowed malicious file formats to bypass security warnings.

The report explores how this attack works and its potential longevity.

https://www.logpoint.com/en/blog/onenote-malicious-attachment-as-initial-vector/
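
The child-process monitoring recommended above, as an added example that is not part of the original post or the linked report: it walks process-creation events (Sysmon Event ID 1 field names) and flags built-in Windows binaries with OneNote anywhere in their ancestry, so a grandchild such as OneNote -> cmd -> PowerShell is caught too. The binary list, the helper names and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumption: this list of built-in binaries is illustrative; the post names none.
SUSPICIOUS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
              "mshta.exe", "rundll32.exe", "regsvr32.exe"}

def name(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()

def find_onenote_descendants(events):
    """Flag suspicious binaries that have ONENOTE.EXE anywhere in their ancestry.

    events: dicts using Sysmon Event ID 1 (process creation) field names.
    """
    by_guid = {e["ProcessGuid"]: e for e in events}
    alerts = []
    for e in events:
        if name(e["Image"]) not in SUSPICIOUS:
            continue
        chain, seen, cur = [name(e["Image"])], set(), e
        # Walk up the parent chain; `seen` stops on a GUID loop in bad data.
        while cur is not None and cur["ProcessGuid"] not in seen:
            seen.add(cur["ProcessGuid"])
            chain.append(name(cur["ParentImage"]))
            if chain[-1] == "onenote.exe":
                alerts.append({"chain": " <- ".join(chain),
                               "command_line": e["CommandLine"]})
                break
            cur = by_guid.get(cur["ParentProcessGuid"])
    return alerts

def ev(guid, parent_guid, image, parent_image, cmd):
    """Build one constructed process-creation event."""
    return {"ProcessGuid": guid, "ParentProcessGuid": parent_guid,
            "Image": image, "ParentImage": parent_image, "CommandLine": cmd}

OFFICE = r"C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE"
SYS32 = "C:\\Windows\\System32\\"
PS = SYS32 + r"WindowsPowerShell\v1.0\powershell.exe"
# Constructed sample events, not taken from the report.
SAMPLE_EVENTS = [
    ev("{A}", "{X}", OFFICE, r"C:\Windows\explorer.exe", "ONENOTE.EXE invoice.one"),
    ev("{B}", "{A}", SYS32 + "cmd.exe", OFFICE, "cmd.exe /c invoice.bat"),
    ev("{C}", "{B}", PS, SYS32 + "cmd.exe", "powershell.exe -File stage.ps1"),
    ev("{D}", "{X}", PS, r"C:\Windows\explorer.exe", "powershell.exe"),
]

if __name__ == "__main__":
    for alert in find_onenote_descendants(SAMPLE_EVENTS):
        print(alert["chain"], "|", alert["command_line"])
```

The PowerShell process started from Explorer (`{D}`) is not flagged, because nothing in its parent chain is OneNote.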
