OneNote.EXE Execution of Malicious Embedded Scripts (84b1706c-932a-44c4-ae28-892b28a25b94)

Detects the execution of malicious OneNote documents that contain embedded scripts. When a user clicks on a OneNote attachment and then on the malicious link inside the ".one" file, OneNote exports and executes the malicious embedded script from specific directories.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d) | Attack Pattern | OneNote.EXE Execution of Malicious Embedded Scripts (84b1706c-932a-44c4-ae28-892b28a25b94) | Sigma-Rules | 1 |
| Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d) | Attack Pattern | System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | 2 |