Lebanese Cedar Analysis

IOB - Indicator of Behavior (52)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 46
fr: 4
de: 2

Product

PostgreSQL: 2
GeniXCMS: 2
Dreambox DM500: 2
Microsoft Internet Explorer: 2
IrfanView: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | OpenSSL Pointer Arithmetic integer overflow | 9.8 | 9.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.15220 | 0.02 | CVE-2016-2177 |
| 2 | Image Sharing Script followBoard.php Error sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |
| 3 | Image Sharing Script postComment.php Stored cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.02 | |
| 4 | PHP Rental Classifieds Script sql injection | 6.3 | 5.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 5 | GeniXCMS register.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00171 | 0.00 | CVE-2016-10096 |
| 6 | Dreambox DM500 Web Server input validation | 7.5 | 6.8 | $25k-$100k | $0-$5k | Proof-of-Concept | Workaround | 0.02506 | 0.00 | CVE-2008-3936 |
| 7 | KeystoneJS CSRF Prevention cross-site request forgery | 6.5 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00232 | 0.03 | CVE-2017-16570 |
| 8 | Moodle Assignment Submission Page cross site scripting | 5.2 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00076 | 0.00 | CVE-2017-2578 |
| 9 | Friends in War Make/Break index.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |
| 10 | Serendipity functions_entries.inc.php sql injection | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00144 | 0.00 | CVE-2017-5609 |
| 11 | Image Sharing Script searchpin.php Reflected cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |
| 12 | b2evolution javascript URL _markdown.plugin.php cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00078 | 0.03 | CVE-2017-5553 |
| 13 | Joomla CMS com_blog_calendar index.php sql injection | 6.3 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.03 | |
| 14 | IrfanView TOOLS Plugin memory corruption | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00109 | 0.00 | CVE-2017-9919 |
| 15 | Google Chrome File Download Malware input validation | 6.4 | 6.1 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00706 | 0.00 | CVE-2018-6115 |
| 16 | Cisco Aironet 1800/Aironet 2800/Aironet 3800 SSH Account credentials management | 6.9 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00351 | 0.00 | CVE-2018-0226 |
| 17 | Microsoft Internet Explorer memory corruption | 6.0 | 5.7 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.14010 | 0.00 | CVE-2019-0940 |
| 18 | Microsoft Internet Explorer memory corruption | 7.1 | 6.8 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00704 | 0.03 | CVE-2017-11827 |
| 19 | PostgreSQL Query access control | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00477 | 0.04 | CVE-2018-1058 |
| 20 | SimpleSAMLphp saml2 validateSignature resource management | 7.8 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00748 | 0.00 | CVE-2016-9814 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 2 | T1068 | CAPEC-19 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | predictive | High |
| 3 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX | CAPEC- | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 5 | TXXXX | CAPEC-116 | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 6 | TXXXX | CAPEC- | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High |

IOA - Indicator of Attack (27)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /adminlogin.asp | predictive | High |
| 2 | File | /ajax-files/followBoard.php | predictive | High |
| 3 | File | /ajax-files/postComment.php | predictive | High |
| 4 | File | /index.php | predictive | Medium |
| 5 | File | /xxxxxxxxx.xxx | predictive | High |
| 6 | File | xxxxxx/xxxxx.x | predictive | High |
| 7 | File | xxxxxxx/xxxxxxxxx_xxxxxxx.xxx.xxx | predictive | High |
| 8 | File | xxxxx.xxx | predictive | Medium |
| 9 | File | xxxxxxx/xxxxxxxx_xxxxxx/_xxxxxxxx.xxxxxx.xxx | predictive | High |
| 10 | File | xxxxxxxx.xxx | predictive | Medium |
| 11 | File | xxxxxxxxxxxxx/xxxxx | predictive | High |
| 12 | File | xx-xxxxxxxx/xx-xxxxxxxxx.xxx | predictive | High |
| 13 | Argument | xxxxxxxxxx | predictive | Medium |
| 14 | Argument | xxxxx | predictive | Low |
| 15 | Argument | xxx | predictive | Low |
| 16 | Argument | xxxxx | predictive | Low |
| 17 | Argument | xxxxx | predictive | Low |
| 18 | Argument | xxxxx | predictive | Low |
| 19 | Argument | xxxx | predictive | Low |
| 20 | Argument | xxxxxxxx/xxxxxxxx | predictive | High |
| 21 | Argument | xxxxxxxx/xxxxxxxx | predictive | High |
| 22 | Input Value | "><xxx xxx=x xxxxxxx=xxxxxx(x)> | predictive | High |
| 23 | Input Value | ' xxx (xxxxxx xxxx xxxx(xxxxxx xxxxx(*),xxxxxx(xxxxxxxxxxxx,(xxxxxx (xxx(xxxx=xxxx,x))),xxxxxxxxxxxx,xxxxx(xxxx(x)*x))x xxxx xxxxxxxxxxx_xxxxxx.xxxxxxxxx_xxxx xxxxx xx x)x) xxx 'xxxx'='xxxx | predictive | High |
| 24 | Input Value | 'xx''=' | predictive | Low |
| 25 | Input Value | -xxxx+xxxxx+xxx+xxxxxx+xxxx,xxxx,xxxx,xxxx,xxxxxxx(),xxxx-- | predictive | High |
| 26 | Input Value | xxxxxxxxxx' xxx xxxx=xxxx xxx 'xxxx'='xxxx | predictive | High |
| 27 | Input Value | <xxx xxx=x xxxxxxx=xxxxxx(x)> | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities: