1. Home
  2. Groups
  3. Volatile Cedar

Volatile Cedar

Volatile Cedar is a Lebanese threat group that has targeted individuals, companies, and institutions worldwide. Volatile Cedar has been operating since 2012 and is motivated by political and ideological interests.[1][2]

ID: G0123
Associated Groups: Lebanese Cedar
Version: 1.1
Created: 08 February 2021
Last Modified: 20 April 2022

Associated Group Descriptions

Name Description
Lebanese Cedar

[2]
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1595 .002 Active Scanning: Vulnerability Scanning

Volatile Cedar has performed vulnerability scans of the target server.[1][2]
.003 Active Scanning: Wordlist Scanning

Volatile Cedar has used DirBuster and GoBuster to brute force web directories and DNS subdomains.[2]
Enterprise T1190 Exploit Public-Facing Application

Volatile Cedar has targeted publicly facing web servers, with both automatic and manual vulnerability discovery.[1] [2]

Enterprise T1105 Ingress Tool Transfer

Volatile Cedar can deploy additional tools.[2]
Enterprise T1505 .003 Server Software Component: Web Shell

Volatile Cedar can inject web shell code into a server.[1][2]

Software

ID Name References Techniques
S0572 Caterpillar WebShell [2][1] Brute Force, Command and Scripting Interpreter: Windows Command Shell, Data from Local System, Exfiltration Over C2 Channel, File and Directory Discovery, Ingress Tool Transfer, Modify Registry, Network Service Discovery, Permission Groups Discovery: Local Groups, Process Discovery, Rootkit, System Information Discovery, System Network Configuration Discovery, System Owner/User Discovery, System Service Discovery
S0569 Explosive [1][2] Application Layer Protocol: Web Protocols, Clipboard Data, Data from Removable Media, Encrypted Channel: Symmetric Cryptography, Hide Artifacts: Hidden Files and Directories, Ingress Tool Transfer, Input Capture: Keylogging, Modify Registry, Native API, System Information Discovery, System Network Configuration Discovery, System Owner/User Discovery

References

  1. Threat Intelligence and Research. (2015, March 30). VOLATILE CEDAR. Retrieved February 8, 2021.
  1. ClearSky Cyber Security. (2021, January). “Lebanese Cedar” APT Global Lebanese Espionage Campaign Leveraging Web Servers. Retrieved February 10, 2021.