Lebanese Cedar Analysis

IOB - Indicator of Behavior (52)

Timeline, Country, Actors, Activities, Interest, Type and Vendor: chart widgets (no data extracted)

Language: en (48), fr (2), de (2)

Product: Viprinet Multichannel VPN Router 300 (2), GeniXCMS (2), Adobe Digital Editions (2), OpenJPEG (2), Affiliate Tracking Script (2)
Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | OpenSSL Pointer Arithmetic memory corruption | 9.8 | 9.6 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.13651 | CVE-2016-2177
2 | Image Sharing Script followBoard.php Error sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00000 |
3 | Image Sharing Script postComment.php Stored cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00000 |
4 | PHP Rental Classifieds Script sql injection | 6.3 | 5.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00000 |
5 | GeniXCMS register.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00171 | CVE-2016-10096
6 | Dreambox DM500 Web Server privilege escalation | 7.5 | 6.8 | $25k-$100k | $0-$5k | Proof-of-Concept | Workaround | 0.04 | 0.02506 | CVE-2008-3936
7 | KeystoneJS CSRF Prevention cross site request forgery | 6.5 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.00232 | CVE-2017-16570
8 | Moodle Assignment Submission Page cross site scripting | 5.2 | 4.9 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.00 | 0.00076 | CVE-2017-2578
9 | Friends in War Make/Break index.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00000 |
10 | Serendipity functions_entries.inc.php sql injection | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00144 | CVE-2017-5609
11 | Image Sharing Script searchpin.php Reflected cross site scripting | 3.5 | 3.2 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.00 | 0.00000 |
12 | b2evolution javascript URL _markdown.plugin.php cross site scripting | 4.4 | 4.4 | $0-$5k | Calculating | Not Defined | Official Fix | 0.03 | 0.00078 | CVE-2017-5553
13 | Joomla CMS com_blog_calendar index.php sql injection | 6.3 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00000 |
14 | IrfanView TOOLS Plugin memory corruption | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00109 | CVE-2017-9919
15 | Google Chrome File Download Malware privilege escalation | 6.4 | 6.1 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.00706 | CVE-2018-6115
16 | Cisco Aironet 1800/Aironet 2800/Aironet 3800 SSH Account privilege escalation | 6.9 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00351 | CVE-2018-0226
17 | Microsoft Internet Explorer memory corruption | 6.0 | 5.7 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.14010 | CVE-2019-0940
18 | Microsoft Internet Explorer memory corruption | 7.1 | 6.8 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00704 | CVE-2017-11827
19 | PostgreSQL Query privilege escalation | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00477 | CVE-2018-1058
20 | SimpleSAMLphp saml2 validateSignature denial of service | 7.8 | 7.4 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00748 | CVE-2016-9814

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 68.65.122.109 | server172-1.web-hosting.com | Lebanese Cedar | | 31/05/2021 | verified | High
2 | XX.XXX.XX.XXX | xxxxxxxxxx.xxx | Xxxxxxxx Xxxxx | | 31/05/2021 | verified | High
3 | XXX.XX.XX.XX | xx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx | Xxxxxxxx Xxxxx | | 31/05/2021 | verified | High
4 | XXX.XXX.X.XXX | | Xxxxxxxx Xxxxx | | 31/05/2021 | verified | High
5 | XXX.XXX.XXX.XX | | Xxxxxxxx Xxxxx | | 31/05/2021 | verified | High

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness (CWE) | Description | Type | Confidence
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | predictive | High
3 | TXXXX | CWE-XXX | xx Xxxxxxxxx | predictive | High
4 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
5 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
6 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High

IOA - Indicator of Attack (27)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /adminlogin.asp | predictive | High
2 | File | /ajax-files/followBoard.php | predictive | High
3 | File | /ajax-files/postComment.php | predictive | High
4 | File | /index.php | predictive | Medium
5 | File | /xxxxxxxxx.xxx | predictive | High
6 | File | xxxxxx/xxxxx.x | predictive | High
7 | File | xxxxxxx/xxxxxxxxx_xxxxxxx.xxx.xxx | predictive | High
8 | File | xxxxx.xxx | predictive | Medium
9 | File | xxxxxxx/xxxxxxxx_xxxxxx/_xxxxxxxx.xxxxxx.xxx | predictive | High
10 | File | xxxxxxxx.xxx | predictive | Medium
11 | File | xxxxxxxxxxxxx/xxxxx | predictive | High
12 | File | xx-xxxxxxxx/xx-xxxxxxxxx.xxx | predictive | High
13 | Argument | xxxxxxxxxx | predictive | Medium
14 | Argument | xxxxx | predictive | Low
15 | Argument | xxx | predictive | Low
16 | Argument | xxxxx | predictive | Low
17 | Argument | xxxxx | predictive | Low
18 | Argument | xxxxx | predictive | Low
19 | Argument | xxxx | predictive | Low
20 | Argument | xxxxxxxx/xxxxxxxx | predictive | High
21 | Argument | xxxxxxxx/xxxxxxxx | predictive | High
22 | Input Value | "><xxx xxx=x xxxxxxx=xxxxxx(x)> | predictive | High
23 | Input Value | ' xxx (xxxxxx xxxx xxxx(xxxxxx xxxxx(*),xxxxxx(xxxxxxxxxxxx,(xxxxxx (xxx(xxxx=xxxx,x))),xxxxxxxxxxxx,xxxxx(xxxx(x)*x))x xxxx xxxxxxxxxxx_xxxxxx.xxxxxxxxx_xxxx xxxxx xx x)x) xxx 'xxxx'='xxxx | predictive | High
24 | Input Value | 'xx''=' | predictive | Low
25 | Input Value | -xxxx+xxxxx+xxx+xxxxxx+xxxx,xxxx,xxxx,xxxx,xxxxxxx(),xxxx-- | predictive | High
26 | Input Value | xxxxxxxxxx' xxx xxxx=xxxx xxx 'xxxx'='xxxx | predictive | High
27 | Input Value | <xxx xxx=x xxxxxxx=xxxxxx(x)> | predictive | High

Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
