“Lebanese Cedar” APT Global Lebanese Espionage Campaign Leveraging Web Servers

Event ID: 1459
UUID: 3ada8ae4-a7bd-4732-ad66-0ff8fc0f80f5
Creator org: CUDESO
Owner org: LUNCHBOX
Creator user: admin@admin.test
Protected Event (experimental): Event is in unprotected mode.
Tags: tlp:white
Date: 2021-02-01
Threat Level: Low
Analysis: Completed
Distribution: All communities
Published: Yes 2022-08-17 17:20:34
#Attributes: 31 (0 Objects)
First recorded change: 2021-02-01 16:57:25
Last change: 2021-02-01 17:02:22
Sightings: 0 (0) – restricted to own organisation only.


Galaxies

Threat Actor 

  •  Volatile Cedar   

Attack Pattern 

  •  File and Directory Discovery – T1083   
  •  Web Shell – T1505.003   
  •  Data from Local System – T1005   
  •  Fallback Channels – T1008   
  •  Exploit Public-Facing Application – T1190   
  •  Confluence – T1213.001   
  •  Acquire OSINT data sets and information – T1247   
  •  Determine 3rd party infrastructure services – T1260   
  •  Remote access tool development – T1351   


Date | Category | Type | Value | Distribution | Sightings
2021-02-01 | External analysis | link | https://www.clearskysec.com/wp-content/uploads/2021/01/Lebanese-Cedar-APT.pdf | Inherit | (0/0/0)
