Introduction
Volatile Cedar is a Lebanese threat group that has targeted individuals, companies, and institutions worldwide. Volatile Cedar has been operating since 2012 and is motivated by political and ideological interests. (CheckPoint Volatile Cedar March 2015; ClearSky Lebanese Cedar Jan 2021)
Activities and Tactics
Country of Origin: Lebanon
First Seen: 2015
Last Activity: 2015
Suspected Victims: Middle East, Israel, Lebanon, Saudi Arabia
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
- T1595.002 Vulnerability Scanning
- T1595.003 Wordlist Scanning
- T1505.003 Web Shell
- T1105 Ingress Tool Transfer
- T1190 Exploit Public-Facing Application
Notable Indicators of Compromise (IOCs)
No atomic indicators are listed in this profile. The APTnotes snapshot indexes 1 public report that may contain IOCs; see Source Attribution for dataset links.
Malware and Tools
- Explosive:
- Caterpillar 2:
MITRE ATT&CK Software
Attribution and Evidence
Country of Origin: Lebanon
Additional attribution information pending cataloguing.
References
[1] mitre-attack
[4] ClearSky Lebanese Cedar Jan 2021: ClearSky Cyber Security. (2021, January). "Lebanese Cedar" APT Global Lebanese Espionage Campaign Leveraging Web Servers. Retrieved February 10, 2021.
[5] CheckPoint Volatile Cedar March 2015: Threat Intelligence and Research. (2015, March 30). VOLATILE CEDAR. Retrieved February 8, 2021.