Lebanese Cedar Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (52)

Sprache

en	48
de	2
fr	2

Land

us	38
de	2
fr	2

Akteure

Lebanese Cedar	1
NetWire	1

Interesse

Typ

Content Management System	6
Web Browser	6
Not Defined	4
Application Server Software	2
Wireless LAN Software	2

Hersteller

Not Defined	16
Cisco	4
Google	4
IBM	2
Adobe	2

Produkt

Google Chrome	4
IBM WebSphere Message Broker	2
Cisco Aironet 1800	2
Cisco Aironet 2800	2
Cisco Aironet 3800	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	CTI	EPSS	CVE
1	OpenSSL Pointer Arithmetic Pufferüberlauf	9.8	9.6	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.03	0.13651	CVE-2016-2177
2	Image Sharing Script followBoard.php Error SQL Injection	6.3	5.7	$0-$5k	Wird berechnet	Proof-of-Concept	Not Defined	0.02	0.00000
3	Image Sharing Script postComment.php Stored Cross Site Scripting	3.5	3.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.00000
4	PHP Rental Classifieds Script SQL Injection	6.3	5.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00000
5	GeniXCMS register.php SQL Injection	7.3	7.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00171	CVE-2016-10096
6	Dreambox DM500 Webserver long URL Request Denial of Service	7.5	6.8	$25k-$100k	$0-$5k	Proof-of-Concept	Workaround	0.04	0.02506	CVE-2008-3936
7	KeystoneJS CSRF Prevention Cross Site Request Forgery	6.5	6.3	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.00232	CVE-2017-16570
8	Moodle Assignment Submission Page Cross Site Scripting	5.2	4.9	$5k-$25k	Wird berechnet	Not Defined	Official Fix	0.00	0.00076	CVE-2017-2578
9	Friends in War Make/Break index.php SQL Injection	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00000
10	Serendipity functions_entries.inc.php SQL Injection	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00144	CVE-2017-5609
11	Image Sharing Script searchpin.php Reflected Cross Site Scripting	3.5	3.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00000
12	b2evolution javascript URL _markdown.plugin.php Cross Site Scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00078	CVE-2017-5553
13	Joomla CMS com_blog_calendar index.php SQL Injection	6.3	6.1	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.03	0.00000
14	IrfanView TOOLS Plugin Pufferüberlauf	7.0	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00109	CVE-2017-9919
15	Google Chrome File Download Malware erweiterte Rechte	6.4	6.1	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00	0.00706	CVE-2018-6115
16	Cisco Aironet 1800/Aironet 2800/Aironet 3800 SSH Account erweiterte Rechte	6.9	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00351	CVE-2018-0226
17	Microsoft Internet Explorer Pufferüberlauf	6.0	5.7	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00	0.14010	CVE-2019-0940
18	Microsoft Internet Explorer Pufferüberlauf	7.1	6.8	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.03	0.00704	CVE-2017-11827
19	PostgreSQL Query erweiterte Rechte	7.5	7.2	$0-$5k	Wird berechnet	Not Defined	Official Fix	0.00	0.00477	CVE-2018-1058
20	SimpleSAMLphp saml2 validateSignature Denial of Service	7.8	7.4	$0-$5k	Wird berechnet	Not Defined	Official Fix	0.00	0.00748	CVE-2016-9814

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Identifiziert	Typ	Akzeptanz
1	68.65.122.109	server172-1.web-hosting.com	Lebanese Cedar	31.05.2021	verifiziert	High
2	XX.XXX.XX.XXX	xxxxxxxxxx.xxx	Xxxxxxxx Xxxxx	31.05.2021	verifiziert	High
3	XXX.XX.XX.XX	xx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx	Xxxxxxxx Xxxxx	31.05.2021	verifiziert	High
4	XXX.XXX.X.XXX		Xxxxxxxx Xxxxx	31.05.2021	verifiziert	High
5	XXX.XXX.XXX.XX		Xxxxxxxx Xxxxx	31.05.2021	verifiziert	High

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1059.007	CWE-79, CWE-80	Cross Site Scripting	prädiktiv	High
2	T1068	CWE-264, CWE-284	Execution with Unnecessary Privileges	prädiktiv	High
3	TXXXX	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
4	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
5	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High
6	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	prädiktiv	High

IOA - Indicator of Attack (27)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	/adminlogin.asp	prädiktiv	High
2	File	/ajax-files/followBoard.php	prädiktiv	High
3	File	/ajax-files/postComment.php	prädiktiv	High
4	File	/index.php	prädiktiv	Medium
5	File	/xxxxxxxxx.xxx	prädiktiv	High
6	File	xxxxxx/xxxxx.x	prädiktiv	High
7	File	xxxxxxx/xxxxxxxxx_xxxxxxx.xxx.xxx	prädiktiv	High
8	File	xxxxx.xxx	prädiktiv	Medium
9	File	xxxxxxx/xxxxxxxx_xxxxxx/_xxxxxxxx.xxxxxx.xxx	prädiktiv	High
10	File	xxxxxxxx.xxx	prädiktiv	Medium
11	File	xxxxxxxxxxxxx/xxxxx	prädiktiv	High
12	File	xx-xxxxxxxx/xx-xxxxxxxxx.xxx	prädiktiv	High
13	Argument	xxxxxxxxxx	prädiktiv	Medium
14	Argument	xxxxx	prädiktiv	Low
15	Argument	xxx	prädiktiv	Low
16	Argument	xxxxx	prädiktiv	Low
17	Argument	xxxxx	prädiktiv	Low
18	Argument	xxxxx	prädiktiv	Low
19	Argument	xxxx	prädiktiv	Low
20	Argument	xxxxxxxx/xxxxxxxx	prädiktiv	High
21	Argument	xxxxxxxx/xxxxxxxx	prädiktiv	High
22	Input Value	"><xxx xxx=x xxxxxxx=xxxxxx(x)>	prädiktiv	High
23	Input Value	' xxx (xxxxxx xxxx xxxx(xxxxxx xxxxx(),xxxxxx(xxxxxxxxxxxx,(xxxxxx (xxx(xxxx=xxxx,x))),xxxxxxxxxxxx,xxxxx(xxxx(x)x))x xxxx xxxxxxxxxxx_xxxxxx.xxxxxxxxx_xxxx xxxxx xx x)x) xxx 'xxxx'='xxxx	prädiktiv	High
24	Input Value	'xx''='	prädiktiv	Low
25	Input Value	-xxxx+xxxxx+xxx+xxxxxx+xxxx,xxxx,xxxx,xxxx,xxxxxxx(),xxxx--	prädiktiv	High
26	Input Value	xxxxxxxxxx' xxx xxxx=xxxx xxx 'xxxx'='xxxx	prädiktiv	High
27	Input Value	<xxx xxx=x xxxxxxx=xxxxxx(x)>	prädiktiv	High

Referenzen (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Do you know our Splunk app?

Download it now for free!