G0123 Volatile Cedar
Volatile Cedar is a Lebanese threat group that has targeted individuals, companies, and institutions worldwide. Volatile Cedar has been operating since 2012 and is motivated by political and ideological interests.21
| Item | Value |
|---|---|
| ID | G0123 |
| Associated Names | Lebanese Cedar |
| Version | 1.1 |
| Created | 08 February 2021 |
| Last Modified | 20 April 2022 |
| Navigation Layer | View In ATT&CK® Navigator |
Associated Group Descriptions
| Name | Description |
|---|---|
| Lebanese Cedar | 1 |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| enterprise | T1595 | Active Scanning | - |
| enterprise | T1595.002 | Vulnerability Scanning | Volatile Cedar has performed vulnerability scans of the target server.21 |
| enterprise | T1595.003 | Wordlist Scanning | Volatile Cedar has used DirBuster and GoBuster to brute force web directories and DNS subdomains.1 |
| enterprise | T1190 | Exploit Public-Facing Application | Volatile Cedar has targeted publicly facing web servers, with both automatic and manual vulnerability discovery.2 1 |
| enterprise | T1105 | Ingress Tool Transfer | Volatile Cedar can deploy additional tools.1 |
| enterprise | T1505 | Server Software Component | - |
| enterprise | T1505.003 | Web Shell | Volatile Cedar can inject web shell code into a server.21 |