Volatile Cedar

Volatile Cedar is a Lebanese threat group that has targeted individuals, companies, and institutions worldwide. Volatile Cedar has been operating since 2012 and is motivated by political and ideological interests.[1][2]

ID: G0123
Associated Groups: Lebanese Cedar
Version: 1.1
Created: 08 February 2021
Last Modified: 20 April 2022

Associated Group Descriptions

| Name | Description |
|---|---|
| Lebanese Cedar | [2] |

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1595.002 | Active Scanning: Vulnerability Scanning | Volatile Cedar has performed vulnerability scans of the target server.[1][2] |
| Enterprise | T1595.003 | Active Scanning: Wordlist Scanning | Volatile Cedar has used DirBuster and GoBuster to brute force web directories and DNS subdomains.[2] |
| Enterprise | T1190 | Exploit Public-Facing Application | Volatile Cedar has targeted publicly facing web servers, with both automatic and manual vulnerability discovery.[1][2] |
| Enterprise | T1105 | Ingress Tool Transfer | Volatile Cedar can deploy additional tools.[2] |
| Enterprise | T1505.003 | Server Software Component: Web Shell | Volatile Cedar can inject web shell code into a server.[1][2] |

Software

References