CVE-2021-40444

Vulnerability updated 7 months ago (2024-05-04T20:07:16.321Z)

Download STIX

Preview STIX

Not enough context has been learned about CVE-2021-40444 for a description yet. However we're tracking it as a Vulnerability profile. Vulnerability: A flaw in software design or implementation

Description last updated:

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Microsoft

Malware

Vulnerability

Cobalt Strike

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The TrickBot Malware is associated with CVE-2021-40444. TrickBot is a notorious malware developed by cybercriminals to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. This malicious software can steal personal information, disrupt operations, or even hold data hostage for ransom. Vladimir Dunaev,	Unspecified	2
The Lokibot Malware is associated with CVE-2021-40444. LokiBot is a malicious software, or malware, that was first reported on October 24, 2020. It is designed to exploit and damage computer systems by infiltrating them through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, LokiBot steals personal information	Unspecified	2

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The APT28 Threat Actor is associated with CVE-2021-40444. APT28, also known as Fancy Bear and Unit 26165 of the Russian Main Intelligence Directorate, is a threat actor linked to Russia with a history of cyber-espionage activities. The group has been involved in several high-profile attacks, including the hacking of the Democratic National Committee (DNC)	Unspecified	2

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

Alias Description	Association Type	Votes
The Follina Vulnerability is associated with CVE-2021-40444. Follina (CVE-2022-30190) is a software vulnerability that was discovered and exploited in the first half of 2022. It was weaponized by TA413, a malicious entity known for its cyber attacks, shortly after its discovery and publication. The vulnerability was used to target the Sophos Firewall product,	Unspecified	2

Source Document References

Information about the CVE-2021-40444 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securityaffairs	2 months ago	Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024
Securelist	3 months ago	Analyzing the vulnerability landscape in Q2 2024
Securityaffairs	4 months ago	Void Banshee exploits CVE-2024-38112 zero-day to spread malware
Checkpoint	4 months ago	Resurrecting Internet Explorer: Threat Actors Using Zero-day Tricks in Internet Shortcut File to Lure Victims (CVE-2024-38112) - Check Point Research
Securityaffairs	4 months ago	Security Affairs newsletter Round 479 by Pierluigi Paganini – INTERNATIONAL EDITION
Fortinet	5 months ago	MerkSpy: Exploiting CVE-2021-40444 to Infiltrate Systems \| FortiGuard Labs
CERT-EU	a year ago	Breaking Cyber News From Cyberint - Cyberint
CERT-EU	a year ago	Russian Threat Actors Exploit Outlook Flaw to Hijack Exchange Accounts
CERT-EU	a year ago	Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397) - Help Net Security
Securityaffairs	a year ago	Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts
InfoSecurity-magazine	a year ago	Russian APT28 Exploits Outlook Bug to Access Exchange
CERT-EU	a year ago	Russian hackers exploiting Outlook bug to hijack Exchange accounts
Unit42	a year ago	In-Depth Analysis of July 2023 Exploit Chain Featuring CVE-2023-36884 and CVE-2023-36584
CERT-EU	a year ago	The Hidden Dangers of Remote Code Execution (RCE) Exploits in Word Documents
CERT-EU	a year ago	LokiBot Information Stealer Packs Fresh Infection Strategies
Securityaffairs	a year ago	In 2022, more than 40% of zero-day exploits used in the wild were variations of previous issues
Fortinet	a year ago	LokiBot Campaign Targets Microsoft Office Document Using Vulnerabilities and Macros \| FortiGuard Labs
BankInfoSecurity	a year ago	Latest LokiBot Campaign Exploits Malicious MS Documents
InfoSecurity-magazine	a year ago	LokiBot Malware Targets Windows Users in Office Document Attacks
CERT-EU	a year ago	New Attack Drops LokiBot Malware Via Malicious Macros in Word Docs