Lebanese Cedar Analysis

IOB - Indicator of Behavior (52)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en52

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us44

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Lebanese Cedar1
NetWire1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Content Management System6
Not Defined6
Web Browser4
Image Processing Software2
Wireless LAN Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined18
Microsoft4
Cisco4
Joomla2
Dreambox2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Internet Explorer4
Joomla CMS2
Friends in War Make2
Break2
OpenJPEG2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1OpenSSL Pointer Arithmetic integer overflow9.89.6$25k-$100k$5k-$25kNot DefinedOfficial Fix0.030.07559CVE-2016-2177
2Image Sharing Script followBoard.php Error sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.050.00000
3Image Sharing Script postComment.php Stored cross site scripting3.53.2$0-$5k$0-$5kProof-of-ConceptNot Defined0.000.00000
4PHP Rental Classifieds Script sql injection6.35.8$0-$5k$0-$5kNot DefinedNot Defined0.030.00000
5GeniXCMS register.php sql injection7.37.1$0-$5k$0-$5kNot DefinedOfficial Fix0.020.01213CVE-2016-10096
6Dreambox DM500 Web Server input validation7.56.8$25k-$100k$0-$5kProof-of-ConceptWorkaround0.010.01974CVE-2008-3936
7KeystoneJS CSRF Prevention cross-site request forgery6.56.3$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000.08382CVE-2017-16570
8Moodle Assignment Submission Page cross site scripting5.24.9$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00885CVE-2017-2578
9Friends in War Make/Break index.php sql injection6.35.7$0-$5kCalculatingProof-of-ConceptNot Defined0.030.00000
10Serendipity functions_entries.inc.php sql injection7.57.5$0-$5k$0-$5kNot DefinedOfficial Fix0.010.01061CVE-2017-5609
11Image Sharing Script searchpin.php Reflected cross site scripting3.53.2$0-$5kCalculatingProof-of-ConceptNot Defined0.000.00000
12b2evolution javascript URL _markdown.plugin.php cross site scripting4.44.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000.01061CVE-2017-5553
13Joomla CMS com_blog_calendar index.php sql injection6.36.1$5k-$25k$0-$5kNot DefinedNot Defined0.030.00000
14IrfanView TOOLS Plugin memory corruption7.07.0$0-$5k$0-$5kNot DefinedNot Defined0.000.01525CVE-2017-9919
15Google Chrome File Download Malware input validation6.46.1$25k-$100k$5k-$25kNot DefinedOfficial Fix0.060.01213CVE-2018-6115
16Cisco Aironet 1800/Aironet 2800/Aironet 3800 SSH Account credentials management6.96.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.010.01061CVE-2018-0226
17Microsoft Internet Explorer memory corruption6.05.7$25k-$100k$5k-$25kNot DefinedOfficial Fix0.000.02866CVE-2019-0940
18Microsoft Internet Explorer memory corruption7.16.8$25k-$100k$5k-$25kNot DefinedOfficial Fix0.010.09203CVE-2017-11827
19PostgreSQL Query access control7.57.2$0-$5kCalculatingNot DefinedOfficial Fix0.050.02489CVE-2018-1058
20SimpleSAMLphp saml2 validateSignature resource management7.87.4$0-$5kCalculatingNot DefinedOfficial Fix0.000.01136CVE-2016-9814

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
168.65.122.109server172-1.web-hosting.comLebanese CedarverifiedHigh
2XX.XXX.XX.XXXxxxxxxxxxx.xxxXxxxxxxx XxxxxverifiedHigh
3XXX.XX.XX.XXxx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxxXxxxxxxx XxxxxverifiedHigh
4XXX.XXX.X.XXXXxxxxxxx XxxxxverifiedHigh
5XXX.XXX.XXX.XXXxxxxxxx XxxxxverifiedHigh

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1059.007CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
2T1068CWE-264, CWE-284Execution with Unnecessary PrivilegespredictiveHigh
3TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
4TXXXXCWE-XXXXxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx XxxxpredictiveHigh
5TXXXXCWE-XXXXxxxxxxxxxxxxpredictiveHigh
6TXXXXCWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx XxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (27)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/adminlogin.asppredictiveHigh
2File/ajax-files/followBoard.phppredictiveHigh
3File/ajax-files/postComment.phppredictiveHigh
4File/index.phppredictiveMedium
5File/xxxxxxxxx.xxxpredictiveHigh
6Filexxxxxx/xxxxx.xpredictiveHigh
7Filexxxxxxx/xxxxxxxxx_xxxxxxx.xxx.xxxpredictiveHigh
8Filexxxxx.xxxpredictiveMedium
9Filexxxxxxx/xxxxxxxx_xxxxxx/_xxxxxxxx.xxxxxx.xxxpredictiveHigh
10Filexxxxxxxx.xxxpredictiveMedium
11Filexxxxxxxxxxxxx/xxxxxpredictiveHigh
12Filexx-xxxxxxxx/xx-xxxxxxxxx.xxxpredictiveHigh
13ArgumentxxxxxxxxxxpredictiveMedium
14ArgumentxxxxxpredictiveLow
15ArgumentxxxpredictiveLow
16ArgumentxxxxxpredictiveLow
17ArgumentxxxxxpredictiveLow
18ArgumentxxxxxpredictiveLow
19ArgumentxxxxpredictiveLow
20Argumentxxxxxxxx/xxxxxxxxpredictiveHigh
21Argumentxxxxxxxx/xxxxxxxxpredictiveHigh
22Input Value"><xxx xxx=x xxxxxxx=xxxxxx(x)>predictiveHigh
23Input Value' xxx (xxxxxx xxxx xxxx(xxxxxx xxxxx(*),xxxxxx(xxxxxxxxxxxx,(xxxxxx (xxx(xxxx=xxxx,x))),xxxxxxxxxxxx,xxxxx(xxxx(x)*x))x xxxx xxxxxxxxxxx_xxxxxx.xxxxxxxxx_xxxx xxxxx xx x)x) xxx 'xxxx'='xxxxpredictiveHigh
24Input Value'xx''='predictiveLow
25Input Value-xxxx+xxxxx+xxx+xxxxxx+xxxx,xxxx,xxxx,xxxx,xxxxxxx(),xxxx--predictiveHigh
26Input Valuexxxxxxxxxx' xxx xxxx=xxxx xxx 'xxxx'='xxxxpredictiveHigh
27Input Value<xxx xxx=x xxxxxxx=xxxxxx(x)>predictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!