Lebanese Cedar Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Lang

en49
fr2
de1

Country

us42
fr2
de1
cn1

Actors

Lebanese Cedar52

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Product

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTICVE
1OpenSSL Pointer Arithmetic integer overflow9.89.4$5k-$25k$5k-$25kNot DefinedOfficial Fix0.00CVE-2016-2177
2Image Sharing Script followBoard.php Error sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.00
3Image Sharing Script postComment.php Stored cross site scriting3.53.2$0-$5k$0-$5kProof-of-ConceptNot Defined0.06
4PHP Rental Classifieds Script sql injection6.35.8$0-$5k$0-$5kNot DefinedNot Defined0.05
5GeniXCMS register.php sql injection7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.07CVE-2016-10096
6Dreambox DM500 Web Server input validation7.56.8$25k-$100k$0-$5kProof-of-ConceptWorkaround0.07CVE-2008-3936
7KeystoneJS CSRF Prevention cross-site request forgery6.55.9$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.04CVE-2017-16570
8Moodle Assignment Submission Page cross site scripting5.24.9$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2017-2578
9Friends in War Make/Break index.php sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.00
10Serendipity functions_entries.inc.php sql injection7.57.5$0-$5k$0-$5kNot DefinedNot Defined0.03CVE-2017-5609
11Image Sharing Script searchpin.php Reflected cross site scriting3.53.2$0-$5k$0-$5kProof-of-ConceptNot Defined0.04
12b2evolution javascript URL _markdown.plugin.php cross site scripting4.44.3$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2017-5553
13Joomla CMS com_blog_calendar index.php sql injection6.36.1$5k-$25k$5k-$25kNot DefinedNot Defined0.08
14IrfanView TOOLS Plugin memory corruption7.07.0$0-$5k$0-$5kNot DefinedNot Defined0.03CVE-2017-9919
15Google Chrome File Download Malware input validation6.46.1$25k-$100k$5k-$25kNot DefinedOfficial Fix0.07CVE-2018-6115
16Cisco Aironet 1800/Aironet 2800/Aironet 3800 SSH Account credentials management6.96.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.04CVE-2018-0226
17Microsoft Internet Explorer memory corruption6.05.7$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2019-0940
18Microsoft Internet Explorer memory corruption7.16.8$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2017-11827
19PostgreSQL Query access control7.57.2$0-$5k$0-$5kNot DefinedOfficial Fix0.05CVE-2018-1058
20SimpleSAMLphp saml2 validateSignature resource management7.87.4$0-$5k$0-$5kNot DefinedOfficial Fix0.06CVE-2016-9814

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsConfidence
168.65.122.109server172-1.web-hosting.comLebanese CedarHigh
2XX.XXX.XX.XXXxxxxxxxxxx.xxxXxxxxxxx XxxxxHigh
3XXX.XX.XX.XXxx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxxXxxxxxxx XxxxxHigh
4XXX.XXX.X.XXXXxxxxxxx XxxxxHigh
5XXX.XXX.XXX.XXXxxxxxxx XxxxxHigh

TTP - Tactics, Techniques, Procedures (3)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorConfidence
1T1059.007CWE-79, CWE-80Cross Site ScriptingHigh
2TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxHigh
3TXXXXCWE-XXXXxxxxxxxxxxxx XxxxxxHigh

IOA - Indicator of Attack (27)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorConfidence
1File/adminlogin.aspHigh
2File/ajax-files/followBoard.phpHigh
3File/ajax-files/postComment.phpHigh
4File/index.phpMedium
5File/xxxxxxxxx.xxxHigh
6Filexxxxxx/xxxxx.xHigh
7Filexxxxxxx/xxxxxxxxx_xxxxxxx.xxx.xxxHigh
8Filexxxxx.xxxMedium
9Filexxxxxxx/xxxxxxxx_xxxxxx/_xxxxxxxx.xxxxxx.xxxHigh
10Filexxxxxxxx.xxxMedium
11Filexxxxxxxxxxxxx/xxxxxHigh
12Filexx-xxxxxxxx/xx-xxxxxxxxx.xxxHigh
13ArgumentxxxxxxxxxxMedium
14ArgumentxxxxxLow
15ArgumentxxxLow
16ArgumentxxxxxLow
17ArgumentxxxxxLow
18ArgumentxxxxxLow
19ArgumentxxxxLow
20Argumentxxxxxxxx/xxxxxxxxHigh
21Argumentxxxxxxxx/xxxxxxxxHigh
22Input Value"><xxx xxx=x xxxxxxx=xxxxxx(x)>High
23Input Value' xxx (xxxxxx xxxx xxxx(xxxxxx xxxxx(*),xxxxxx(xxxxxxxxxxxx,(xxxxxx (xxx(xxxx=xxxx,x))),xxxxxxxxxxxx,xxxxx(xxxx(x)*x))x xxxx xxxxxxxxxxx_xxxxxx.xxxxxxxxx_xxxx xxxxx xx x)x) xxx 'xxxx'='xxxxHigh
24Input Value'xx''='Low
25Input Value-xxxx+xxxxx+xxx+xxxxxx+xxxx,xxxx,xxxx,xxxx,xxxxxxx(),xxxx--High
26Input Valuexxxxxxxxxx' xxx xxxx=xxxx xxx 'xxxx'='xxxxHigh
27Input Value<xxx xxx=x xxxxxxx=xxxxxx(x)>High

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!