Redcore and Bluecore Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (65)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	66

Country

us	34
fr	16
gb	12
cn	4

Actors

Indexsinas	1
Redcore and Bluecore	1

Activities

Interest

Timeline

Type

Operating System	34
Web Browser	10
Not Defined	4
Programming Language Software	4
Smartphone Operating System	2

Vendor

Microsoft	26
Linux	14
Apple	8
Google	6
Oracle	4

Product

Linux Kernel	14
Microsoft Windows	14
Apple macOS	6
Google Chrome	6
Microsoft Edge	4

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	Huawei SXXX VRP MPLS LSP Ping information disclosure	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00096	0.17	CVE-2014-8570
2	OpenSLP out-of-bounds write	8.5	8.5	$0-$5k	$0-$5k	High	Not Defined	0.03272	0.05	CVE-2019-5544
3	VMware ESXi/Fusion/Workstation Virtual USB 1.1 UHCI memory corruption	5.5	5.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00665	0.05	CVE-2019-5519
4	Linux Kernel keyboard.c k_ascii integer overflow	6.5	6.5	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00077	0.00	CVE-2020-13974
5	Linux Kernel slip.c use after free	6.6	6.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00046	0.00	CVE-2020-14416
6	Linux Kernel VFIO PCI Driver exceptional condition	6.4	6.4	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00047	0.00	CVE-2020-12888
7	Linux Kernel btree.c btree_gc_coalesce input validation	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00110	0.00	CVE-2020-12771
8	Linux Kernel ACPI Table acpi_configfs.c authorization	5.4	5.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00047	0.04	CVE-2020-15780
9	Linux Kernel blktrace.c __blk_add_trace use after free	7.4	7.4	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00968	0.00	CVE-2019-19768
10	Linux Kernel ext4 Image xattr.c ext4_xattr_set_entry out-of-bounds write	6.5	6.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00099	0.00	CVE-2019-19319
11	Palo Alto PAN-OS Management Server buffer overflow	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00097	0.00	CVE-2020-2015
12	Palo Alto PAN-OS Management Server os command injection	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00238	0.00	CVE-2020-2014
13	Palo Alto PAN-OS Proxy Service authentication bypass	7.7	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00291	0.00	CVE-2020-2018
14	Microsoft Visual Studio Code Python Extension input validation	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03769	0.04	CVE-2020-1171
15	Microsoft Edge/ChakraCore Scripting Engine memory corruption	6.0	5.7	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.02046	0.03	CVE-2020-1065
16	Microsoft .NET Framework privileges management	7.0	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00043	0.00	CVE-2020-1066
17	Microsoft .NET Core/.NET Framework denial of service	6.4	6.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00144	0.00	CVE-2020-1108
18	Microsoft Visual Studio/ASP.NET Core input validation	6.4	6.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00144	0.00	CVE-2020-1161
19	Microsoft Windows Print Spooler privileges management	7.8	7.5	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00043	0.00	CVE-2020-1070
20	Microsoft Windows Win32k privileges management	7.9	7.7	$25k-$100k	$5k-$25k	High	Official Fix	0.00454	0.03	CVE-2020-1054

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Identified	Type	Confidence
1	2.4.17.15	lfbn-mon-1-592-15.w2-4.abo.wanadoo.fr	Redcore and Bluecore		06/03/2020	verified	High
2	XXX.XXX.XX.XX		Xxxxxxx Xxx Xxxxxxxx		06/03/2020	verified	High

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1068	CAPEC-122	CWE-264, CWE-269	Execution with Unnecessary Privileges	predictive	High
2	TXXXX	CAPEC-108	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
3	TXXXX	CAPEC-	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	High
4	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
5	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (14)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	drivers/acpi/acpi_configfs.c	predictive	High
2	File	drivers/md/bcache/btree.c	predictive	High
3	File	xxxxxxx/xxx/xxxxxxxxxx/xxxxxx.x	predictive	High
4	File	xxxxxxx/xxx/xxxx/xxxx.x	predictive	High
5	File	xxxxxxx/xxxx/xxxxxx/xx.x	predictive	High
6	File	xxxxxxx/xxx/xx/xxxxxxxx.x	predictive	High
7	File	xx/xxxx/xxxxx.x	predictive	High
8	File	xx/xxxxxxx.x	predictive	Medium
9	File	xxxxxx/xxxxx/xxxxxxxx.x	predictive	High
10	File	xx/xxxxxxx.x	predictive	Medium
11	File	xx/xxxxxxx.x	predictive	Medium
12	File	xxx/xxxx/xxxx_xxxx.x	predictive	High
13	File	xxxxxxxx.xxx	predictive	Medium
14	File	xxxx.x	predictive	Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!