Volatile Cedar  (Back to overview)

aka: Reuse team, Malware reusers, Dancing Salome, Lebanese Cedar

Beginning in late 2012, a carefully orchestrated attack campaign we call Volatile Cedar has been targeting individuals, companies and institutions worldwide. This campaign, led by a persistent attacker group, has successfully penetrated a large number of targets using various attack techniques, and specifically, a custom-made malware implant codenamed Explosive .

Associated Families

There are currently no families associated with this actor.

2021-01-28ClearSkyClearSky Research Team
@techreport{team:20210128:lebanese:94effe4, author = {ClearSky Research Team}, title = {{“Lebanese Cedar” APT Global Lebanese Espionage Campaign Leveraging Web Servers}}, date = {2021-01-28}, institution = {ClearSky}, url = {}, language = {English}, urldate = {2021-01-29} } “Lebanese Cedar” APT Global Lebanese Espionage Campaign Leveraging Web Servers
Volatile Cedar
2015-06-09Check PointCheck Point
@online{point:20150609:new:73a136b, author = {Check Point}, title = {{New Data: Volatile Cedar Malware Campaign}}, date = {2015-06-09}, organization = {Check Point}, url = {}, language = {English}, urldate = {2020-01-13} } New Data: Volatile Cedar Malware Campaign
Volatile Cedar
2015-03-31Kaspersky LabsKurt Baumgartner, Costin Raiu
@online{baumgartner:20150331:sinkholing:7a359b4, author = {Kurt Baumgartner and Costin Raiu}, title = {{Sinkholing Volatile Cedar DGA Infrastructure}}, date = {2015-03-31}, organization = {Kaspersky Labs}, url = {}, language = {English}, urldate = {2019-12-20} } Sinkholing Volatile Cedar DGA Infrastructure
Volatile Cedar
2015-03-31Check Point ResearchCheck Point Research
@online{research:20150331:volatile:416807b, author = {Check Point Research}, title = {{Volatile Cedar - Analysis of a Global Cyber Espionage Campaign}}, date = {2015-03-31}, organization = {Check Point Research}, url = {}, language = {English}, urldate = {2020-04-06} } Volatile Cedar - Analysis of a Global Cyber Espionage Campaign
Volatile Cedar

Credits: MISP Project