Skip to content

G0123 Volatile Cedar

Volatile Cedar is a Lebanese threat group that has targeted individuals, companies, and institutions worldwide. Volatile Cedar has been operating since 2012 and is motivated by political and ideological interests.21

Item Value
ID G0123
Associated Names Lebanese Cedar
Version 1.1
Created 08 February 2021
Last Modified 20 April 2022
Navigation Layer View In ATT&CK® Navigator

Associated Group Descriptions

Name Description
Lebanese Cedar 1

Techniques Used

Domain ID Name Use
enterprise T1595 Active Scanning -
enterprise T1595.002 Vulnerability Scanning Volatile Cedar has performed vulnerability scans of the target server.21
enterprise T1595.003 Wordlist Scanning Volatile Cedar has used DirBuster and GoBuster to brute force web directories and DNS subdomains.1
enterprise T1190 Exploit Public-Facing Application Volatile Cedar has targeted publicly facing web servers, with both automatic and manual vulnerability discovery.2 1
enterprise T1105 Ingress Tool Transfer Volatile Cedar can deploy additional tools.1
enterprise T1505 Server Software Component -
enterprise T1505.003 Web Shell Volatile Cedar can inject web shell code into a server.21


ID Name References Techniques
S0572 Caterpillar WebShell - Brute Force Windows Command Shell:Command and Scripting Interpreter Data from Local System Exfiltration Over C2 Channel File and Directory Discovery Ingress Tool Transfer Modify Registry Network Service Discovery Local Groups:Permission Groups Discovery Process Discovery Rootkit System Information Discovery System Network Configuration Discovery System Owner/User Discovery System Service Discovery
S0569 Explosive - Web Protocols:Application Layer Protocol Clipboard Data Data from Removable Media Symmetric Cryptography:Encrypted Channel Hidden Files and Directories:Hide Artifacts Ingress Tool Transfer Keylogging:Input Capture Modify Registry Native API System Information Discovery System Network Configuration Discovery System Owner/User Discovery


Back to top