Phemedrone

Malware Profile Updated 16 days ago
Phemedrone is an information stealer for Windows that drew attention, as several security outlets reported, because its delivery chain abuses a Windows SmartScreen security feature bypass tracked as CVE-2023-36025. It reaches a victim through the usual channels (suspicious downloads, phishing emails, malicious websites) and is built to run undetected; once on the host it steals personal and cryptocurrency-related data and can disrupt operations. The SmartScreen bypass lets the initial stage execute without the warning prompt that would otherwise stop the user; that stage then downloads additional files and scripts that establish persistence and provide second-stage defense evasion before the Phemedrone Stealer payload itself is installed. The total amount of cryptocurrency or private data stolen in this campaign is not known, and despite ongoing investigation and mitigation efforts the full extent of the damage remains uncertain. A list of Indicators of Compromise (IoCs) for Phemedrone Stealer has been compiled and is available at the linked source; these IoCs are the practical basis for detecting the malware and implementing countermeasures.
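As an added example, not code from this profile page or from any vendor report on Phemedrone, the block below shows how a practitioner turns a STIX indicator export such as this page's STIX download into a detection check: it parses the comparisons inside STIX 2.1 indicator patterns (SHA-256 file hashes, domain names, URLs), ignores revoked indicators and non-STIX pattern types, and runs the resulting IoC set over endpoint telemetry. The bundle, its indicator IDs, the hash values, the domain staging.example.invalid and the log lines are all constructed placeholders, not real Phemedrone IoCs, and the key=value telemetry format is an assumption made for the example.

```python
"""IoC matcher built from a STIX 2.1 indicator export.

Added example; not code from the profile page, Trend Micro or any
Phemedrone report. Every indicator value and log line is constructed.
"""
import hashlib
import json
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Placeholder "payload hash": derived from a fixed string so it is a
# well-formed SHA-256, but it is NOT a real Phemedrone sample hash.
FAKE_SHA256 = hashlib.sha256(b"constructed-phemedrone-sample").hexdigest()

# Constructed bundle in the shape of a STIX 2.1 export. The .invalid TLD
# guarantees the placeholder domains can never resolve.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000002",
         "name": "constructed stealer payload hash", "pattern_type": "stix",
         "pattern": f"[file:hashes.'SHA-256' = '{FAKE_SHA256}']",
         "valid_from": "2024-01-01T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000003",
         "name": "constructed staging host", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'staging.example.invalid'] OR "
                    "[url:value = 'http://staging.example.invalid/stage2.bin']",
         "valid_from": "2024-01-01T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000005",
         "name": "withdrawn indicator, must be ignored", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'update.example.invalid']",
         "valid_from": "2024-01-01T00:00:00Z", "revoked": True},
        {"type": "malware", "spec_version": "2.1",
         "id": "malware--00000000-0000-4000-8000-000000000004",
         "name": "Phemedrone", "is_family": True},
    ],
})

# One comparison inside a STIX pattern, e.g. [domain-name:value = 'x']
_COMPARISON = re.compile(r"([\w-]+:[\w.'-]+)\s*=\s*'([^']*)'")
# key=value telemetry fields (format assumed for this example)
_KV = re.compile(r"(\w+)=(\S+)")


@dataclass
class IocSet:
    sha256: set = field(default_factory=set)
    domains: set = field(default_factory=set)
    urls: set = field(default_factory=set)
    source: dict = field(default_factory=dict)  # value -> indicator id


def load_indicators(bundle_json: str) -> IocSet:
    """Extract hash, domain and URL comparisons from STIX indicator patterns."""
    iocs = IocSet()
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("revoked", False):
            continue  # skip non-indicators and withdrawn indicators
        if obj.get("pattern_type", "stix") != "stix":
            continue  # sigma/yara/snort patterns need their own engines
        for path, value in _COMPARISON.findall(obj["pattern"]):
            path, value = path.replace("'", "").lower(), value.lower()
            bucket = {"file:hashes.sha-256": iocs.sha256,
                      "domain-name:value": iocs.domains,
                      "url:value": iocs.urls}.get(path)
            if bucket is None:
                continue  # other observable types are out of scope here
            bucket.add(value)
            iocs.source[value] = obj["id"]
    return iocs


def match_events(iocs: IocSet, events):
    """Return one hit dict per (event line, IoC value) match."""
    hits = []
    for idx, line in enumerate(events):
        f = dict(_KV.findall(line))
        checks = [("sha256", f.get("sha256"), iocs.sha256),
                  ("query", f.get("query"), iocs.domains),
                  ("url", f.get("url"), iocs.urls)]
        if f.get("url"):  # a domain IoC must also fire on a URL's host part
            checks.append(("url_host", urlparse(f["url"]).hostname, iocs.domains))
        for name, value, ioc_values in checks:
            if value and value.lower() in ioc_values:
                hits.append({"line": idx, "host": f.get("host"), "field": name,
                             "value": value.lower(),
                             "indicator": iocs.source[value.lower()]})
    return hits


SAMPLE_EVENTS = [  # constructed telemetry, one key=value event per line
    "ts=2024-01-10T09:00:01Z host=ws01 event=file_create path=C:\\Users\\a\\Downloads\\invoice.zip "
    "sha256=" + hashlib.sha256(b"benign").hexdigest(),
    "ts=2024-01-10T09:00:04Z host=ws01 event=dns query=staging.example.invalid",
    "ts=2024-01-10T09:00:05Z host=ws01 event=http url=http://staging.example.invalid/stage2.bin",
    "ts=2024-01-10T09:00:07Z host=ws01 event=file_create path=C:\\Windows\\Temp\\x.dat sha256=" + FAKE_SHA256,
    "ts=2024-01-10T09:01:00Z host=ws02 event=dns query=update.example.invalid",
]

if __name__ == "__main__":
    for hit in match_events(load_indicators(SAMPLE_BUNDLE), SAMPLE_EVENTS):
        print(hit)
```

The revoked indicator is deliberately present: the last DNS event hits it and must not alert, because a feed that is re-downloaded periodically will carry withdrawn objects, and a matcher that ignores the `revoked` flag keeps paging analysts on stale IoCs. The URL-host check is the other point worth copying: a domain indicator should fire on proxy logs, not only on DNS logs.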
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions differ between vendors, so these are possible overlapping names and profiles you may also want to look at.
ID / Votes / Profile Description
Phemedrone Stealer (4 votes): Phemedrone Stealer is a sophisticated malware that exploits the Windows Defender SmartScreen vulnerability CVE-2023-36025 for defense evasion in its infection chain. The campaign was uncovered by Trend Micro researchers, who found it exploiting this vulnerability despite the release of a sec
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Exploit
Malware
Payload
Telegram
Vulnerability
Exploits
Discord
Windows
Ransomware
Loader
Microsoft
Github
Encryption
Associated Malware
ID / Type / Votes / Profile Description
No associations to display
Associated Threat Actors
ID / Type / Votes / Profile Description
No associations to display
Associated Vulnerabilities
ID / Type / Votes / Profile Description
CVE-2023-36025 (type: unspecified, 4 votes): CVE-2023-36025 is a security feature bypass in Microsoft's Windows SmartScreen, a flaw in the design or implementation of that protection. It was disclosed as one of three actively exploited zero-days affecting Microsoft Windows and Windows Server. The exploit begins with the execution of a malic
Windows Defender SmartScreen Bypass (type: unspecified, 2 votes): The Windows Defender SmartScreen Bypass (CVE-2023-36025) is a significant vulnerability in the design and implementation of Microsoft's software. It allows attackers to evade a defensive mechanism and get an initial payload onto a system without the warning that SmartScreen would otherwise raise. The vulnerability has been exploited exte
Source Document References
Information about the Phemedrone malware was read from the document corpus below. The display is limited to 20 results.
Source / Created / Title
Securityaffairs, 16 days ago: Security Affairs Malware Newsletter - Round 1
Securityaffairs, 23 days ago: Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs, a month ago: Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs, a month ago: Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs, 2 months ago: Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs, 3 months ago: Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs, 3 months ago: Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs, 3 months ago: Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs, 4 months ago: Security Affairs newsletter Round 466 by Pierluigi Paganini
Securityaffairs, 4 months ago: Security Affairs newsletter Round 465 by Pierluigi Paganini
Securityaffairs, 4 months ago: Security Affairs newsletter Round 464 by Pierluigi Paganini
Securityaffairs, 4 months ago: Security Affairs newsletter Round 463 by Pierluigi Paganini
Securityaffairs, 4 months ago: Security Affairs newsletter Round 462 by Pierluigi Paganini
CERT-EU, 6 months ago: Hackers Exploiting Windows Defender SmartScreen Flaw | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU, 6 months ago: Windows Defender SmartScreen Vulnerability Exploited with Phemedrone Stealer | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU, 6 months ago: How to exploit Windows Defender Antivirus to infect a device with malware
Securityaffairs, 6 months ago: Security Affairs newsletter Round 454 by Pierluigi Paganini
Securityaffairs, 5 months ago: Security Affairs newsletter Round 461 by Pierluigi Paganini
Securityaffairs, 5 months ago: Security Affairs newsletter Round 460 by Pierluigi Paganini
Securityaffairs, 5 months ago: Security Affairs newsletter Round 459 by Pierluigi Paganini