HTML/CVE202140444.06F3!tr

Analysis

HTML/CVE202140444.06F3!tr is a generic detection for an exploit trojan. Since this is a generic detection, malware detected as HTML/CVE202140444.06F3!tr may vary in behaviour.
Below are some of its observed characteristics/behaviours:

  • This detection has been related to an MS Office 365 exploit with the identifier CVE-2021-40444.

  • The malware appears to embed malicious URLs within its XML/mshtml/ActiveX component, one of which was found to point to hidus[Removed].com/e8[Removed]/side.html.

  • Below are some of the malware illustrations:

    • Figure 1: Infected Document.


  • Following are some of the IOCs (file hashes) associated with this detection:
    • MD5: 5890B8EED650223F37BB358C095306F3
      SHA256: 049ed15ef970bd12ce662cffa59f7d0e0b360d47fac556ac3d36f2788a2bc5a4
    • MD5: 1D2094CE85D66878EE079185E2761BEB
      SHA256: 938545f7bbe40738908a95da8cdeabb2a11ce2ca36b0f6a74deda9378d380a52


Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry

Detection Availability

FortiGate
FortiClient
FortiAPS
FortiAPU
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date Version Detail
2022-05-31 90.02802
2022-05-25 90.02622
2021-10-21 89.06127
2021-10-20 89.06125
2021-10-15 89.05955
2021-10-13 89.05907
2021-10-11 89.05830
2021-10-10 89.05825
2021-09-08 88.00977
2021-09-08 88.00967