{
  "website": "onenoteonlinesync.onenote.com",
  "tags": [
    "Phishing",
    "Download",
    "Exfiltration"
  ],
  "service_provider": "Microsoft",
  "phishing": "Attackers can insert an attachment on a OneNote Notebook and then use the attachment's direct download link to phish users.",
  "command_and_control": "None",
  "exfiltration": "Attackers can insert files they wish to exfiltrate on a OneNote Notebook and send the direct download link to themselves. This method is not ideal for large files due to the file size restriction in place.",
  "download": "Attackers can insert an attachment on a OneNote Notebook and then use the attachment's download link to directly download the file.",
  "sample_url": "https://twitter.com/mrd0x/status/1475085452784844803",
  "created": "2021-12-26",
  "last_update": "2021-12-26",
  "credits": "mr.d0x",
  "detail_path": "/site/6f6e656e6f74656f6e6c696e6573796e632e6f6e656e6f74652e636f6d",
  "detail_slug": "6f6e656e6f74656f6e6c696e6573796e632e6f6e656e6f74652e636f6d",
  "detail_url": "https://lots-project.com/site/6f6e656e6f74656f6e6c696e6573796e632e6f6e656e6f74652e636f6d",
  "scraped_at": "2026-06-16T11:58:21Z"
}