LB · G0123

Volatile Cedar

Also known as: Lebanese Cedar · DeftTorero · Volatile Cedar

Origin: LB
Known aliases: 3

Profile

Beginning in late 2012, a carefully orchestrated attack campaign we call Volatile Cedar has been targeting individuals, companies and institutions worldwide. This campaign, led by a persistent attacker group, has successfully penetrated a large number of targets using various attack techniques, and specifically, a custom-made malware implant codenamed Explosive.

Aliases · 3

Lebanese Cedar · DeftTorero · Volatile Cedar

MITRE ATT&CK Group crosswalk

G0123

References

  1. https://blog.checkpoint.com/2015/03/31/volatilecedar/
  2. https://blog.checkpoint.com/2015/06/09/new-data-volatile-cedar/
  3. https://securelist.com/sinkholing-volatile-cedar-dga-infrastructure/69421/
  4. https://www.clearskysec.com/wp-content/uploads/2021/01/Lebanese-Cedar-APT.pdf
  5. https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2015/03/20082004/volatile-cedar-technical-report.pdf
  6. https://securelist.com/defttorero-tactics-techniques-and-procedures/107610/

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Software: Explosive
Actor: TERBIUM
Actor: Molerats
Actor: ModifiedElephant
Actor: Cuboid Sandstorm
Actor: Cleaver

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.