Microsoft OneNote is a file type now entrenched in the ongoing saga of abused file formats leveraged by adversaries to reach through defenses and deliver malware payloads to end users. Recently, we have seen OneNote's sudden rise to prominence, following a pattern of other types of files used in the same capacity.

Let us help answer your questions about OneNote threats, weaponized carriers at large, or other forms of end-user security attacks involving files and end-user interactions.

Leverage our YARA rule to help detect Microsoft OneNote files containing suspicious strings.

InQuest Email Security Assessment
This month we harvested 702 samples from the wild capable of bypassing either Microsoft or Google. Of those, Microsoft missed 194 (28%), and Google missed 509 (73%). The distribution of misses by file type is depicted below:
Want to validate the efficacy of your email security stack? InQuire here for a one-month free email attack simulation
InQuest Latest Blog Posts

You’ve Got Malware: The Rise of Threat Actors Using Microsoft OneNote for Malicious Campaigns

Posted on 2023-02-27 by Darren Spruell

Read more
InQuest Labs Research Spotlight

PE-bear

PE-bear is a multi-platform reversing tool for PE files. Its objective is to deliver a fast and flexible "first view" for malware analysts, while remaining stable and capable of handling malformed PE files.

Read more

PurpleSharp

PurpleSharp is an open source adversary simulation tool written in C# that executes adversary techniques within Windows Active Directory environments.

Read more

uac

UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of system artifacts.

Read more
Global Security Events

Cybercriminals Bypass ChatGPT Restrictions to Generate Malicious Content

CPR researchers recently found an instance of cybercriminals using ChatGPT to "improve" the code of a basic Infostealer malware from 2019. Although the code is not complicated or difficult to create, ChatGPT produced an improved version of the Infostealer.

Read more

10 malicious Python packages exposed in latest repository attack

Researchers have discovered yet another set of malicious packages in PyPI, the official and most popular repository for Python programs and code libraries. Those duped by the seemingly familiar packages could be subject to malware downloads or theft of user credentials and passwords.

Read more

How I Broke Into a Bank Account With an AI-Generated Voice

Banks in the U.S. and Europe tout voice ID as a secure way to log into your account. This article shows it is possible to trick such systems with free or cheap AI-generated voices.

Read more
InQuest Insider - Your monthly resource for the latest in cyber security news, trends, tips, and tools. Subscribe here.
Copyright © InQuest 2023