HTML/CVE202140444.06F3!tr
Analysis
HTML/CVE202140444.06F3!tr is a generic detection for an exploit trojan.
Since this is a generic detection, malware detected as HTML/CVE202140444.06F3!tr may exhibit varying behaviour.
Below are some of its observed characteristics/behaviours:
- This detection has been related to an MS Office 365 exploit identified as CVE-2021-40444.
- The malware appears to contain embedded malicious URLs within its XML/mshtml/ActiveX component, one of which was found to point to hidus[Removed].com/e8[Removed]/side.html.
- Below are some of the malware illustrations:
  - Figure 1: Infected Document.
- Following are some of the near/exact IOCs/file hashes associated with this detection:
  - Md5: 5890B8EED650223F37BB358C095306F3
    Sha256: 049ed15ef970bd12ce662cffa59f7d0e0b360d47fac556ac3d36f2788a2bc5a4
  - Md5: 1D2094CE85D66878EE079185E2761BEB
    Sha256: 938545f7bbe40738908a95da8cdeabb2a11ce2ca36b0f6a74deda9378d380a52
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
- FortiGate
- FortiClient
- FortiAPS
- FortiAPU
- FortiMail
- FortiSandbox
- FortiWeb
- Web Application Firewall
- FortiIsolator
- FortiDeceptor
- FortiEDR