CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign
Common Information
Type Value
UUID 503fbd30-2f71-4738-a046-b530cde70f8d
Fingerprint 95803b99ffbf8703
Analysis status DONE
Considered CTI value 1
Text language
Published Jan. 12, 2024, midnight
Added to db Oct. 15, 2024, 4:14 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline CVE-2023-36025 Exploited for Defence Evasion in Phemedrone Stealer Campaign
Title CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign
Detected Hints/Tags/Attributes 84/1/31
Attributes
Type                       #Events  Value
CVE                        45       cve-2023-36025
Domain                     12       filetransfer.io
Domain                     27       shorturl.at
Domain                     6        and.net
Domain                     25       the.net
File                       1        crafting.url
File                       2        crafted.url
File                       6        malicious.url
File                       2        the.url
File                       55       control.exe
File                       1018     rundll32.exe
File                       4        data3.txt
File                       27       attrib.exe
File                       11       werfaultsecure.exe
File                       11       wer.dll
File                       4        secure.pdf
File                       1        waer.dll
File                       748      kernel32.dll
File                       3        c:\users\public\libraries\books\werfaultsecure.exe
File                       14       activeds.dll
File                       2        c:\\users\\public\\libraries\\books\\secure.pdf
File                       1        c:\\users\\public\\libraries\\books\\waer.dll
File                       2        c:\\users\\public\\libraries\\books\\werfaultsecure.exe
File                       99       c:\windows\explorer.exe
File                       60       c:\windows\system32\schtasks.exe
File                       69       shlwapi.dll
File                       19       wintrust.dll
File                       1        c:\users\public\libraries\books and copies waer.dll
File                       249      schtasks.exe
File                       229      advapi32.dll
MITRE ATT&CK Techniques    7        T1218.002