MerkSpy: Exploiting CVE-2021-40444 to Infiltrate Systems | FortiGuard Labs
Common Information
Type Value
UUID 648d484f-00a5-4160-84a3-7751c4fcba87
Fingerprint b4709903ab2d6d53
Analysis status DONE
Considered CTI value 2
Text language
Published June 27, 2024, 3 p.m.
Added to db Aug. 31, 2024, 6:54 a.m.
Last updated Nov. 17, 2024, 12:55 p.m.
Headline MerkSpy: Exploiting CVE-2021-40444 to Infiltrate Systems
Title MerkSpy: Exploiting CVE-2021-40444 to Infiltrate Systems | FortiGuard Labs
Detected Hints/Tags/Attributes 61/4/14
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 122 Fortinet Threat Research Blog https://feeds.fortinet.com/fortinet/blog/threat-research 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 102
cve-2021-40444
Details Domain 1
agent.sc
Details File 58
document.xml
Details File 1
olerender.html
Details File 105
googleupdate.exe
Details IPv4 1
45.89.53.46
Details Url 1
http://45.89.53.46/google/olerender.html
Details Url 1
http://45.89.53.46/google/update.php