Website
onenoteonlinesync.onenote.com
Tags
Phishing, Download, Exfiltration
Phishing
Attackers can insert an attachment into a OneNote Notebook and then use the attachment's direct download link to phish users.
Command and Control
None
Exfiltration
Attackers can insert files they wish to exfiltrate into a OneNote Notebook and send the direct download link to themselves. This method is not ideal for large files because of the file size restriction in place.
Download
Attackers can insert an attachment into a OneNote Notebook and then use the attachment's download link to directly download the file.
Service Provider
Microsoft
Created: 2021-12-26
Last Update: 2021-12-26
Credits: mr.d0x