Calypso Analysis

IOB - Indicator of Behavior (170)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	130
zh	22
ja	6
de	4
it	2

Country

us	96
cn	46
gb	6
ru	4
de	2

Actors

Calypso	13
Indexsinas	1
Snatch	1
FIN7	1
IcedID	1

Activities

Interest

Timeline

Type

Not Defined	56
Operating System	14
Content Management System	12
Router Operating System	10
Web Server	6

Vendor

Not Defined	56
Microsoft	14
Cisco	10
Apache	8
Netgear	4

Product

Microsoft Windows	6
Cisco Unified Communications Manager	6
Netgear R6220	4
DZCP deV!L`z Clanportal	4
Apache HTTP Server	4

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	CTI	EPSS	CVE
1	DZCP deV!L`z Clanportal config.php code injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.40	0.04187	CVE-2010-0966
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.04	0.04187	CVE-2007-1192
3	Cacti graph_settings.php code injection	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.01408	CVE-2014-5261
4	Linux Kernel File Permission sysctl_net.c net_ctl_permissions input validation	5.1	4.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.01034	CVE-2013-4270
5	Cacti Utility api_poller.php sql injection	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.01974	CVE-2013-1434
6	Redis Lua sandbox	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.94643	CVE-2022-0543
7	Sourcecodester Online Project Time Management System Users.php save_employee sql injection	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01	0.01564	CVE-2022-26293
8	Atlassian JIRA Server/Data Center Dashboard Gadgets Preference Resource authorization	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00885	CVE-2020-36287
9	OpenVPN Access Server LDAP improper authentication	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00885	CVE-2020-8953
10	Navarino Infinity URL information disclosure	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01	0.01018	CVE-2018-5386
11	jQuery dataType script.js Cross-Domain cross site scripting	5.2	4.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.17112	CVE-2015-9251
12	Craig Patchett Fileseek FileSeek.cgi path traversal	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.04187	CVE-2002-0611
13	Cacti graph_settings.php sql injection	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.01408	CVE-2014-5262
14	Cacti snmp.php code injection	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.01408	CVE-2013-1435
15	Microsoft Windows Service Pack 3 privileges management	5.3	5.1	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.01	0.00000
16	Ideal BB.NET forums.aspx cross site scripting	3.5	3.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01	0.00000
17	DCP-Portal forums.php sql injection	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00000
18	Kayako SupportSuite User Registration cross site scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00000
19	Adminer PDO Extension cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00954	CVE-2021-29625
20	Pureftpd pure-FTPd path traversal	5.1	5.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.08	0.00950	CVE-2011-3171

Campaigns (1)

These are the campaigns that can be associated with the actor:

Kazakhstan

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Type	Confidence
1	5.183.178.181		Calypso	Kazakhstan	verified	High
2	5.188.228.53	indppur1.example.com	Calypso	Kazakhstan	verified	High
3	23.227.207.137	23-227-207-137.static.hvvc.us	Calypso		verified	High
4	45.63.96.120	45.63.96.120.vultrusercontent.com	Calypso		verified	High
5	XX.XX.XXX.XXX	xx.xx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxx		verified	High
6	XX.XXX.XXX.XXX		Xxxxxxx	Xxxxxxxxxx	verified	High
7	XX.XXX.XXX.XXX		Xxxxxxx	Xxxxxxxxxx	verified	High
8	XX.XXX.XXX.XXX		Xxxxxxx	Xxxxxxxxxx	verified	High
9	XXX.XX.XX.XX	xxx.xx.xx.xx.xxxxxxxx.xxx	Xxxxxxx	Xxxxxxxxxx	verified	High
10	XXX.XX.XXX.XXX		Xxxxxxx	Xxxxxxxxxx	verified	High
11	XXX.XXX.XX.XX	xxx.xxx.xx.xx.xxxxxxxx.xxx	Xxxxxxx	Xxxxxxxxxx	verified	High
12	XXX.XXX.XX.XX		Xxxxxxx	Xxxxxxxxxx	verified	High
13	XXX.XXX.XXX.XXX		Xxxxxxx	Xxxxxxxxxx	verified	High
14	XXX.XX.XXX.XXX	xxxxxx.xxxxxxxxxxxxx.xxx	Xxxxxxx	Xxxxxxxxxx	verified	High
15	XXX.XXX.XXX.XX	xxxxxxx.xx.xxx	Xxxxxxx	Xxxxxxxxxx	verified	High
16	XXX.XXX.X.XXX	xxxx.xxx	Xxxxxxx	Xxxxxxxxxx	verified	High
17	XXX.XXX.XXX.XXX	xxxxx-xxxxxx.xxxxxxxxxxxx.xxx	Xxxxxxx	Xxxxxxxxxx	verified	High
18	XXX.XXX.XXX.XX	xxx.xxx.xxx.xx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxx	Xxxxxxxxxx	verified	High

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CWE-22	Pathname Traversal	predictive	High
2	T1055	CWE-74	Injection	predictive	High
3	T1059	CWE-94	Cross Site Scripting	predictive	High
4	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	High
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
6	TXXXX	CWE-XXX	Xxxx Xxx Xxxxxxxxx Xxxxxxxxxxx Xxxxxxxx	predictive	High
7	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx Xxxxxxxx	predictive	High
8	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxxxxxx	predictive	High
9	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
10	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	High
11	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	High
12	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
13	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	High
14	TXXXX.XXX	CWE-XXX	Xxxxxxxx	predictive	High
15	TXXXX	CWE-XXX	Xxxxxxxxxxxxx	predictive	High
16	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxx	predictive	High

IOA - Indicator of Attack (86)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	.htaccess	predictive	Medium
2	File	/admin/user/manage/add	predictive	High
3	File	/export	predictive	Low
4	File	/iisadmin	predictive	Medium
5	File	/inc/parser/xhtml.php	predictive	High
6	File	/includes/lib/detail.php	predictive	High
7	File	/MIME/INBOX-MM-1/	predictive	High
8	File	/ptms/classes/Users.php	predictive	High
9	File	/public/plugins/	predictive	High
10	File	/scripts/iisadmin/bdir.htr	predictive	High
11	File	/xxxxxxxx/xxxxxxx.xxx	predictive	High
12	File	/xxx-xxx/xxx.xxx	predictive	High
13	File	xxxxxxxxxxx.xxx	predictive	High
14	File	xxx_xxxxxx.xxx	predictive	High
15	File	xxxxxx.xxx	predictive	Medium
16	File	xxx.xxx	predictive	Low
17	File	xxxxxxxx_xxxxxxx.xxx	predictive	High
18	File	xxx.xxx	predictive	Low
19	File	xxxxxxxxxx.xxx	predictive	High
20	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	High
21	File	xxxxxx.xxx	predictive	Medium
22	File	xxxxxxx_xxxxxx.xxx	predictive	High
23	File	xxxxxxxx.xxx	predictive	Medium
24	File	xxxxxx.xxxx	predictive	Medium
25	File	xxxxxx.xxx	predictive	Medium
26	File	xxxx.xxx	predictive	Medium
27	File	xxxxx_xxxxxxxx.xxx	predictive	High
28	File	xxxxxxxxxx\xxxxxx\xxxxxxxxxxxxx.xxx	predictive	High
29	File	xxxxx_xxxxxx.xxx	predictive	High
30	File	xxx/xxxxxx.xxx	predictive	High
31	File	xxx/xxxxxxxxxxx/xxxxxxx.xxx	predictive	High
32	File	xxxxx.xxx	predictive	Medium
33	File	xxxx_xxxxxxxx.xxxx	predictive	High
34	File	xxxxxx/xxxxxxxxx.xxx	predictive	High
35	File	xxx/xxxx/xx/xxxxxx.xxx	predictive	High
36	File	xxx/xxxxxx_xxx.x	predictive	High
37	File	xxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxx	predictive	High
38	File	xxxxxxxx.xxx	predictive	Medium
39	File	xxxxxxxx_xxxx.xxx	predictive	High
40	File	xxxxxxxxxxxx_xxxxxxxx.xxx.xxx	predictive	High
41	File	xxxxxx.xx	predictive	Medium
42	File	xxxxxxxxx.xxx	predictive	High
43	File	xxxxxxxxxxxx.xxx	predictive	High
44	File	xxxxxxxxxxxxxxxx.xxx	predictive	High
45	File	xxxxxxxxxxxxxxxxxx.xxxx	predictive	High
46	File	xxxx.xxx	predictive	Medium
47	File	xxxx-xxx	predictive	Medium
48	File	xxxxxxxxx.xxx	predictive	High
49	File	xxxxxxx.xxx	predictive	Medium
50	File	xxxxxxxx.xxx	predictive	Medium
51	File	xx-xxxxx.xxx	predictive	Medium
52	Library	xxxxxxx.xxx	predictive	Medium
53	Library	xxx/xxxxxx/xxxxxx.xxx	predictive	High
54	Library	xxx/xxx.xxx	predictive	Medium
55	Library	xxxxxx/xxxxxxxxx/xxxxx.xxx	predictive	High
56	Argument	xxxx	predictive	Low
57	Argument	xxxxxxxx	predictive	Medium
58	Argument	xxxxx	predictive	Low
59	Argument	xxx	predictive	Low
60	Argument	xxxxxxxx	predictive	Medium
61	Argument	xxxxx->xxxx	predictive	Medium
62	Argument	xxxx	predictive	Low
63	Argument	xxxxxxx[xx_xxx_xxxx]	predictive	High
64	Argument	xxxx	predictive	Low
65	Argument	xxxx/xxxx	predictive	Medium
66	Argument	xxxx	predictive	Low
67	Argument	xx	predictive	Low
68	Argument	xxxxxxxxxx	predictive	Medium
69	Argument	xxxxxx	predictive	Low
70	Argument	xxx_xxxxx	predictive	Medium
71	Argument	xxxxxxxxx_xxxxxxxx_xxxx	predictive	High
72	Argument	xxxxxxx	predictive	Low
73	Argument	xxxxx	predictive	Low
74	Argument	xxxxxxxxxxxxxx	predictive	High
75	Argument	xxxxxxxxxx	predictive	Medium
76	Argument	xxx	predictive	Low
77	Argument	xxxxxxx_xx	predictive	Medium
78	Argument	xxxxxxxxx	predictive	Medium
79	Argument	xxxxxx	predictive	Low
80	Argument	xxxxxxxxx	predictive	Medium
81	Argument	xxx	predictive	Low
82	Argument	xxxx	predictive	Low
83	Argument	xxxxxxxx	predictive	Medium
84	Argument	xxxxxxxx/xxxxxxxx	predictive	High
85	Input Value	??x:\	predictive	Low
86	Network Port	xxx/xxxx (xx-xxx)	predictive	High

References (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!