Lebanese Cedar 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (52)

言語

en	48
fr	4

国・地域

us	42
fr	4
cn	2

アクター

Lebanese Cedar	2
NetWire	1

関心

タイプ

Not Defined	8
Web Browser	6
Content Management System	6
Programming Language Software	2
Router Operating System	2

ベンダー

Not Defined	16
Microsoft	4
Cisco	2
IBM	2
Adobe	2

製品

Image Sharing Script	4
Microsoft Internet Explorer	4
PHP Rental Classifieds Script	2
SimpleSAMLphp	2
Cisco NX-OS	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	OpenSSL Pointer Arithmetic メモリ破損	9.8	9.6	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.15220	0.02	CVE-2016-2177
2	Image Sharing Script followBoard.php Error SQLインジェクション	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.02
3	Image Sharing Script postComment.php Stored クロスサイトスクリプティング	3.5	3.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.02
4	PHP Rental Classifieds Script SQLインジェクション	6.3	5.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.00
5	GeniXCMS register.php SQLインジェクション	7.3	7.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00171	0.00	CVE-2016-10096
6	Dreambox DM500 Web Server 特権昇格	7.5	6.8	$25k-$100k	$0-$5k	Proof-of-Concept	Workaround	0.02506	0.04	CVE-2008-3936
7	KeystoneJS CSRF Prevention 未知の脆弱性	6.5	6.3	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00232	0.03	CVE-2017-16570
8	Moodle Assignment Submission Page クロスサイトスクリプティング	5.2	4.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00076	0.00	CVE-2017-2578
9	Friends in War Make/Break index.php SQLインジェクション	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.00
10	Serendipity functions_entries.inc.php SQLインジェクション	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00144	0.00	CVE-2017-5609
11	Image Sharing Script searchpin.php Reflected クロスサイトスクリプティング	3.5	3.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.00
12	b2evolution javascript URL _markdown.plugin.php クロスサイトスクリプティング	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00078	0.03	CVE-2017-5553
13	Joomla CMS com_blog_calendar index.php SQLインジェクション	6.3	6.1	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00000	0.03
14	IrfanView TOOLS Plugin メモリ破損	7.0	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00109	0.00	CVE-2017-9919
15	Google Chrome File Download Malware 特権昇格	6.4	6.1	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00706	0.00	CVE-2018-6115
16	Cisco Aironet 1800/Aironet 2800/Aironet 3800 SSH Account 特権昇格	6.9	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00351	0.00	CVE-2018-0226
17	Microsoft Internet Explorer メモリ破損	6.0	5.7	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.14010	0.00	CVE-2019-0940
18	Microsoft Internet Explorer メモリ破損	7.1	6.8	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00704	0.03	CVE-2017-11827
19	PostgreSQL Query 特権昇格	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00477	0.00	CVE-2018-1058
20	SimpleSAMLphp saml2 validateSignature サービス拒否	7.8	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00748	0.00	CVE-2016-9814

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	Identified	タイプ	信頼度
1	68.65.122.109	server172-1.web-hosting.com	Lebanese Cedar	2021年05月31日	verified	高
2	XX.XXX.XX.XXX	xxxxxxxxxx.xxx	Xxxxxxxx Xxxxx	2021年05月31日	verified	高
3	XXX.XX.XX.XX	xx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx	Xxxxxxxx Xxxxx	2021年05月31日	verified	高
4	XXX.XXX.X.XXX		Xxxxxxxx Xxxxx	2021年05月31日	verified	高
5	XXX.XXX.XXX.XX		Xxxxxxxx Xxxxx	2021年05月31日	verified	高

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	脆弱性	アクセスベクター	タイプ	信頼度
1	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	高
2	T1068	CWE-264, CWE-284	Execution with Unnecessary Privileges	predictive	高
3	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	高
4	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
5	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
6	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高

IOA - Indicator of Attack (27)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/adminlogin.asp	predictive	高
2	File	/ajax-files/followBoard.php	predictive	高
3	File	/ajax-files/postComment.php	predictive	高
4	File	/index.php	predictive	中
5	File	/xxxxxxxxx.xxx	predictive	高
6	File	xxxxxx/xxxxx.x	predictive	高
7	File	xxxxxxx/xxxxxxxxx_xxxxxxx.xxx.xxx	predictive	高
8	File	xxxxx.xxx	predictive	中
9	File	xxxxxxx/xxxxxxxx_xxxxxx/_xxxxxxxx.xxxxxx.xxx	predictive	高
10	File	xxxxxxxx.xxx	predictive	中
11	File	xxxxxxxxxxxxx/xxxxx	predictive	高
12	File	xx-xxxxxxxx/xx-xxxxxxxxx.xxx	predictive	高
13	Argument	xxxxxxxxxx	predictive	中
14	Argument	xxxxx	predictive	低
15	Argument	xxx	predictive	低
16	Argument	xxxxx	predictive	低
17	Argument	xxxxx	predictive	低
18	Argument	xxxxx	predictive	低
19	Argument	xxxx	predictive	低
20	Argument	xxxxxxxx/xxxxxxxx	predictive	高
21	Argument	xxxxxxxx/xxxxxxxx	predictive	高
22	Input Value	"><xxx xxx=x xxxxxxx=xxxxxx(x)>	predictive	高
23	Input Value	' xxx (xxxxxx xxxx xxxx(xxxxxx xxxxx(),xxxxxx(xxxxxxxxxxxx,(xxxxxx (xxx(xxxx=xxxx,x))),xxxxxxxxxxxx,xxxxx(xxxx(x)x))x xxxx xxxxxxxxxxx_xxxxxx.xxxxxxxxx_xxxx xxxxx xx x)x) xxx 'xxxx'='xxxx	predictive	高
24	Input Value	'xx''='	predictive	低
25	Input Value	-xxxx+xxxxx+xxx+xxxxxx+xxxx,xxxx,xxxx,xxxx,xxxxxxx(),xxxx--	predictive	高
26	Input Value	xxxxxxxxxx' xxx xxxx=xxxx xxx 'xxxx'='xxxx	predictive	高
27	Input Value	<xxx xxx=x xxxxxxx=xxxxxx(x)>	predictive	高

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Interested in the pricing of exploits?

See the underground prices here!