Volatile Cedar is a Lebanese threat group that has targeted individuals, companies, and institutions worldwide. Volatile Cedar has been operating since 2012 and is motivated by political and ideological interests.[1][2]
| Name | Description |
|---|---|
| Lebanese Cedar | |
| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1595.002 | Active Scanning: Vulnerability Scanning | Volatile Cedar has performed vulnerability scans of the target server.[1][2] |
| Enterprise | T1595.003 | Active Scanning: Wordlist Scanning | Volatile Cedar has used DirBuster and GoBuster to brute force web directories and DNS subdomains.[2] |
| Enterprise | T1190 | Exploit Public-Facing Application | Volatile Cedar has targeted publicly facing web servers, with both automatic and manual vulnerability discovery.[1][2] |
| Enterprise | T1505.003 | Server Software Component: Web Shell | Volatile Cedar can inject web shell code into a server.[1][2] |
| Enterprise | T1105 | Ingress Tool Transfer | Volatile Cedar can deploy additional tools.[2] |
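The directory brute forcing described under T1595.003 leaves a characteristic trace in web server access logs: one client requesting many distinct paths that do not exist, in a short burst, often with the tool's default User-Agent. The following is an added detection example written for this page; it is not code from the ATT&CK entry or from any report on Volatile Cedar. It parses combined-format access log lines (the sample lines are constructed, including the User-Agent values), and the substring markers for the DirBuster and GoBuster default User-Agents are an assumption, since operators routinely change them.

```python
"""Flag web-directory wordlist scanning (ATT&CK T1595.003) in combined-format
access logs. Added example for this page, not code from the ATT&CK entry."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Combined log format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

# Assumption: substrings of the default User-Agents the two tools send. Treat a
# match as corroborating evidence only; the 404-burst heuristic below is the
# signal that survives a changed User-Agent.
SCANNER_UA_MARKERS = ("dirbuster", "gobuster")


def parse_line(line):
    """Parse one access log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def detect_wordlist_scanning(lines, window=timedelta(seconds=60), threshold=20):
    """Return {client_ip: [reasons]} for clients that either present a scanner
    User-Agent or request >= `threshold` distinct non-existent paths (404)
    inside any sliding `window`."""
    not_found = defaultdict(list)   # ip -> [(timestamp, path)] for 404 responses
    findings = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ua = rec["ua"].lower()
        if any(marker in ua for marker in SCANNER_UA_MARKERS):
            reason = f"scanner User-Agent: {rec['ua']}"
            if reason not in findings[rec["ip"]]:
                findings[rec["ip"]].append(reason)
        if rec["status"] == 404:
            not_found[rec["ip"]].append((rec["ts"], rec["path"]))

    for ip, hits in not_found.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Advance the window start until the window covers at most `window` of time.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            distinct = {path for _, path in hits[start:end + 1]}
            if len(distinct) >= threshold:
                findings[ip].append(
                    f"{len(distinct)} distinct 404 paths within {int(window.total_seconds())}s")
                break
    return dict(findings)


def _sample_log():
    """Constructed sample: one client hits 25 wordlist paths in 25 s, one browses normally."""
    base = datetime(2021, 3, 1, 12, 0, 0, tzinfo=timezone.utc)
    fmt = "%d/%b/%Y:%H:%M:%S %z"
    words = ["admin", "backup", "cgi-bin", "config", "db", "dev", "images", "include",
             "js", "login", "old", "phpmyadmin", "private", "scripts", "secret",
             "shell", "temp", "test", "tmp", "upload", "uploads", "user", "vendor",
             "web", "wp-admin"]
    lines = []
    for i, w in enumerate(words):
        ts = (base + timedelta(seconds=i)).strftime(fmt)
        lines.append(f'203.0.113.5 - - [{ts}] "GET /{w}/ HTTP/1.1" 404 196 "-" "gobuster/3.1"')
    for i, p in enumerate(["/", "/about", "/missing", "/contact"]):
        ts = (base + timedelta(seconds=10 * i)).strftime(fmt)
        status = 404 if p == "/missing" else 200
        lines.append(f'198.51.100.7 - - [{ts}] "GET {p} HTTP/1.1" {status} 5120 "-" "Mozilla/5.0"')
    return lines


SAMPLE_LOG = _sample_log()

if __name__ == "__main__":
    for ip, reasons in detect_wordlist_scanning(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```

The window and threshold are tuning knobs: a public site with many broken inbound links produces scattered 404s from many clients, whereas a wordlist run concentrates dozens of distinct missing paths on one source within seconds. Raising `threshold` suppresses the burst signal, which is what the second assertion in the usage below relies on, while a User-Agent match is still reported on its own.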
| ID | Name | References | Techniques |
|---|---|---|---|
| S0572 | Caterpillar WebShell | [2][1] | Rootkit, Data from Local System, Modify Registry, Command and Scripting Interpreter: Windows Command Shell, File and Directory Discovery, Brute Force, Permission Groups Discovery: Local Groups, System Information Discovery, System Owner/User Discovery, System Service Discovery, System Network Configuration Discovery, Network Service Discovery, Ingress Tool Transfer, Process Discovery, Exfiltration Over C2 Channel |
| S0569 | Explosive | [1][2] | Data from Removable Media, Modify Registry, Clipboard Data, Encrypted Channel: Symmetric Cryptography, Application Layer Protocol: Web Protocols, Native API, System Information Discovery, System Owner/User Discovery, System Network Configuration Discovery, Ingress Tool Transfer, Input Capture: Keylogging, Hide Artifacts: Hidden Files and Directories |