Lebanese Cedar Analysis

IOB - Indicator of Behavior (52)

Language: en (52)

Country: us (48), cn (2)

Product: Google Chrome (4), Adobe Digital Editions (2), Microsoft Internet Explorer (2), Cisco Aironet 1800 (2), Cisco Aironet 2800 (2)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | OpenSSL Pointer Arithmetic memory corruption | 9.8 | 9.6 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.13651 | CVE-2016-2177 |
| 2 | Image Sharing Script followBoard.php Error SQL injection | 6.3 | 5.7 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.02 | 0.00000 | |
| 3 | Image Sharing Script postComment.php Stored cross-site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00000 | |
| 4 | PHP Rental Classifieds Script SQL injection | 6.3 | 5.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00000 | |
| 5 | GeniXCMS register.php SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00171 | CVE-2016-10096 |
| 6 | Dreambox DM500 Web Server privilege escalation | 7.5 | 6.8 | $25k-$100k | $0-$5k | Proof-of-Concept | Workaround | 0.04 | 0.02506 | CVE-2008-3936 |
| 7 | KeystoneJS CSRF Prevention unknown vulnerability | 6.5 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.00232 | CVE-2017-16570 |
| 8 | Moodle Assignment Submission Page cross-site scripting | 5.2 | 4.9 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.00 | 0.00076 | CVE-2017-2578 |
| 9 | Friends in War Make/Break index.php SQL injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00000 | |
| 10 | Serendipity functions_entries.inc.php SQL injection | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00144 | CVE-2017-5609 |
| 11 | Image Sharing Script searchpin.php Reflected cross-site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00000 | |
| 12 | b2evolution javascript URL _markdown.plugin.php cross-site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00078 | CVE-2017-5553 |
| 13 | Joomla CMS com_blog_calendar index.php SQL injection | 6.3 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00000 | |
| 14 | IrfanView TOOLS Plugin memory corruption | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00109 | CVE-2017-9919 |
| 15 | Google Chrome File Download Malware privilege escalation | 6.4 | 6.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00706 | CVE-2018-6115 |
| 16 | Cisco Aironet 1800/Aironet 2800/Aironet 3800 SSH Account privilege escalation | 6.9 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00351 | CVE-2018-0226 |
| 17 | Microsoft Internet Explorer memory corruption | 6.0 | 5.7 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.14010 | CVE-2019-0940 |
| 18 | Microsoft Internet Explorer memory corruption | 7.1 | 6.8 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.03 | 0.00704 | CVE-2017-11827 |
| 19 | PostgreSQL Query privilege escalation | 7.5 | 7.2 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00477 | CVE-2018-1058 |
| 20 | SimpleSAMLphp saml2 validateSignature denial of service | 7.8 | 7.4 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00748 | CVE-2016-9814 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 68.65.122.109 | server172-1.web-hosting.com | Lebanese Cedar | | 31.05.2021 | verified | High |
| 2 | XX.XXX.XX.XXX | xxxxxxxxxx.xxx | Xxxxxxxx Xxxxx | | 31.05.2021 | verified | High |
| 3 | XXX.XX.XX.XX | xx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx | Xxxxxxxx Xxxxx | | 31.05.2021 | verified | High |
| 4 | XXX.XXX.X.XXX | | Xxxxxxxx Xxxxx | | 31.05.2021 | verified | High |
| 5 | XXX.XXX.XXX.XX | | Xxxxxxxx Xxxxx | | 31.05.2021 | verified | High |

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | predictive | High |
| 3 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High |

IOA - Indicator of Attack (27)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | `/adminlogin.asp` | predictive | High |
| 2 | File | `/ajax-files/followBoard.php` | predictive | High |
| 3 | File | `/ajax-files/postComment.php` | predictive | High |
| 4 | File | `/index.php` | predictive | Medium |
| 5 | File | `/xxxxxxxxx.xxx` | predictive | High |
| 6 | File | `xxxxxx/xxxxx.x` | predictive | High |
| 7 | File | `xxxxxxx/xxxxxxxxx_xxxxxxx.xxx.xxx` | predictive | High |
| 8 | File | `xxxxx.xxx` | predictive | Medium |
| 9 | File | `xxxxxxx/xxxxxxxx_xxxxxx/_xxxxxxxx.xxxxxx.xxx` | predictive | High |
| 10 | File | `xxxxxxxx.xxx` | predictive | Medium |
| 11 | File | `xxxxxxxxxxxxx/xxxxx` | predictive | High |
| 12 | File | `xx-xxxxxxxx/xx-xxxxxxxxx.xxx` | predictive | High |
| 13 | Argument | `xxxxxxxxxx` | predictive | Medium |
| 14 | Argument | `xxxxx` | predictive | Low |
| 15 | Argument | `xxx` | predictive | Low |
| 16 | Argument | `xxxxx` | predictive | Low |
| 17 | Argument | `xxxxx` | predictive | Low |
| 18 | Argument | `xxxxx` | predictive | Low |
| 19 | Argument | `xxxx` | predictive | Low |
| 20 | Argument | `xxxxxxxx/xxxxxxxx` | predictive | High |
| 21 | Argument | `xxxxxxxx/xxxxxxxx` | predictive | High |
| 22 | Input Value | `"><xxx xxx=x xxxxxxx=xxxxxx(x)>` | predictive | High |
| 23 | Input Value | `' xxx (xxxxxx xxxx xxxx(xxxxxx xxxxx(*),xxxxxx(xxxxxxxxxxxx,(xxxxxx (xxx(xxxx=xxxx,x))),xxxxxxxxxxxx,xxxxx(xxxx(x)*x))x xxxx xxxxxxxxxxx_xxxxxx.xxxxxxxxx_xxxx xxxxx xx x)x) xxx 'xxxx'='xxxx` | predictive | High |
| 24 | Input Value | `'xx''='` | predictive | Low |
| 25 | Input Value | `-xxxx+xxxxx+xxx+xxxxxx+xxxx,xxxx,xxxx,xxxx,xxxxxxx(),xxxx--` | predictive | High |
| 26 | Input Value | `xxxxxxxxxx' xxx xxxx=xxxx xxx 'xxxx'='xxxx` | predictive | High |
| 27 | Input Value | `<xxx xxx=x xxxxxxx=xxxxxx(x)>` | predictive | High |
