Lebanese Cedar Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (52)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en52

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us46

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Lebanese Cedar1
NetWire1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined8
Web Browser6
Content Management System4
Learning Management Software2
Image Processing Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined20
Microsoft4
Cisco4
Google2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Internet Explorer4
Image Sharing Script4
Moodle2
WordPress2
OpenJPEG2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1OpenSSL Pointer Arithmetic integer overflow9.89.6$25k-$100k$0-$5kNot DefinedOfficial Fix0.030.13651CVE-2016-2177
2Image Sharing Script followBoard.php Error sql injection6.35.7$0-$5kCalculatingProof-of-ConceptNot Defined0.020.00000
3Image Sharing Script postComment.php Stored cross site scripting3.53.2$0-$5k$0-$5kProof-of-ConceptNot Defined0.020.00000
4PHP Rental Classifieds Script sql injection6.35.8$0-$5k$0-$5kNot DefinedNot Defined0.000.00000
5GeniXCMS register.php sql injection7.37.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00171CVE-2016-10096
6Dreambox DM500 Web Server input validation7.56.8$25k-$100k$0-$5kProof-of-ConceptWorkaround0.040.02506CVE-2008-3936
7KeystoneJS CSRF Prevention cross-site request forgery6.56.3$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.030.00232CVE-2017-16570
8Moodle Assignment Submission Page cross site scripting5.24.9$5k-$25kCalculatingNot DefinedOfficial Fix0.000.00076CVE-2017-2578
9Friends in War Make/Break index.php sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.000.00000
10Serendipity functions_entries.inc.php sql injection7.57.5$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00144CVE-2017-5609
11Image Sharing Script searchpin.php Reflected cross site scripting3.53.2$0-$5k$0-$5kProof-of-ConceptNot Defined0.000.00000
12b2evolution javascript URL _markdown.plugin.php cross site scripting4.44.4$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00078CVE-2017-5553
13Joomla CMS com_blog_calendar index.php sql injection6.36.1$5k-$25k$0-$5kNot DefinedNot Defined0.030.00000
14IrfanView TOOLS Plugin memory corruption7.07.0$0-$5k$0-$5kNot DefinedNot Defined0.000.00109CVE-2017-9919
15Google Chrome File Download Malware input validation6.46.1$25k-$100k$0-$5kNot DefinedOfficial Fix0.000.00706CVE-2018-6115
16Cisco Aironet 1800/Aironet 2800/Aironet 3800 SSH Account credentials management6.96.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00351CVE-2018-0226
17Microsoft Internet Explorer memory corruption6.05.7$25k-$100k$5k-$25kNot DefinedOfficial Fix0.000.14010CVE-2019-0940
18Microsoft Internet Explorer memory corruption7.16.8$25k-$100k$5k-$25kNot DefinedOfficial Fix0.030.00704CVE-2017-11827
19PostgreSQL Query access control7.57.2$0-$5kCalculatingNot DefinedOfficial Fix0.000.00477CVE-2018-1058
20SimpleSAMLphp saml2 validateSignature resource management7.87.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00748CVE-2016-9814

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
168.65.122.109server172-1.web-hosting.comLebanese Cedar05/31/2021verifiedHigh
2XX.XXX.XX.XXXxxxxxxxxxx.xxxXxxxxxxx Xxxxx05/31/2021verifiedHigh
3XXX.XX.XX.XXxx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxxXxxxxxxx Xxxxx05/31/2021verifiedHigh
4XXX.XXX.X.XXXXxxxxxxx Xxxxx05/31/2021verifiedHigh
5XXX.XXX.XXX.XXXxxxxxxx Xxxxx05/31/2021verifiedHigh

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1059.007CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
2T1068CWE-264, CWE-284Execution with Unnecessary PrivilegespredictiveHigh
3TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
4TXXXXCWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
6TXXXXCWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (27)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/adminlogin.asppredictiveHigh
2File/ajax-files/followBoard.phppredictiveHigh
3File/ajax-files/postComment.phppredictiveHigh
4File/index.phppredictiveMedium
5File/xxxxxxxxx.xxxpredictiveHigh
6Filexxxxxx/xxxxx.xpredictiveHigh
7Filexxxxxxx/xxxxxxxxx_xxxxxxx.xxx.xxxpredictiveHigh
8Filexxxxx.xxxpredictiveMedium
9Filexxxxxxx/xxxxxxxx_xxxxxx/_xxxxxxxx.xxxxxx.xxxpredictiveHigh
10Filexxxxxxxx.xxxpredictiveMedium
11Filexxxxxxxxxxxxx/xxxxxpredictiveHigh
12Filexx-xxxxxxxx/xx-xxxxxxxxx.xxxpredictiveHigh
13ArgumentxxxxxxxxxxpredictiveMedium
14ArgumentxxxxxpredictiveLow
15ArgumentxxxpredictiveLow
16ArgumentxxxxxpredictiveLow
17ArgumentxxxxxpredictiveLow
18ArgumentxxxxxpredictiveLow
19ArgumentxxxxpredictiveLow
20Argumentxxxxxxxx/xxxxxxxxpredictiveHigh
21Argumentxxxxxxxx/xxxxxxxxpredictiveHigh
22Input Value"><xxx xxx=x xxxxxxx=xxxxxx(x)>predictiveHigh
23Input Value' xxx (xxxxxx xxxx xxxx(xxxxxx xxxxx(*),xxxxxx(xxxxxxxxxxxx,(xxxxxx (xxx(xxxx=xxxx,x))),xxxxxxxxxxxx,xxxxx(xxxx(x)*x))x xxxx xxxxxxxxxxx_xxxxxx.xxxxxxxxx_xxxx xxxxx xx x)x) xxx 'xxxx'='xxxxpredictiveHigh
24Input Value'xx''='predictiveLow
25Input Value-xxxx+xxxxx+xxx+xxxxxx+xxxx,xxxx,xxxx,xxxx,xxxxxxx(),xxxx--predictiveHigh
26Input Valuexxxxxxxxxx' xxx xxxx=xxxx xxx 'xxxx'='xxxxpredictiveHigh
27Input Value<xxx xxx=x xxxxxxx=xxxxxx(x)>predictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!