Calypso Analysis

IOB - Indicator of Behavior (170)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

  • en: 130
  • zh: 22
  • ja: 6
  • de: 4
  • it: 2


Country

  • us: 96
  • cn: 46
  • gb: 6
  • ru: 4
  • de: 2


Product

  • Microsoft Windows: 6
  • Cisco Unified Communications Manager: 6
  • Netgear R6220: 4
  • DZCP deV!L`z Clanportal: 4
  • Apache HTTP Server: 4


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.40 | 0.04187 | CVE-2010-0966 |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192 |
| 3 | Cacti graph_settings.php code injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.01408 | CVE-2014-5261 |
| 4 | Linux Kernel File Permission sysctl_net.c net_ctl_permissions input validation | 5.1 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01034 | CVE-2013-4270 |
| 5 | Cacti Utility api_poller.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01974 | CVE-2013-1434 |
| 6 | Redis Lua sandbox | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.94643 | CVE-2022-0543 |
| 7 | Sourcecodester Online Project Time Management System Users.php save_employee sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01 | 0.01564 | CVE-2022-26293 |
| 8 | Atlassian JIRA Server/Data Center Dashboard Gadgets Preference Resource authorization | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2020-36287 |
| 9 | OpenVPN Access Server LDAP improper authentication | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2020-8953 |
| 10 | Navarino Infinity URL information disclosure | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.01018 | CVE-2018-5386 |
| 11 | jQuery dataType script.js Cross-Domain cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.17112 | CVE-2015-9251 |
| 12 | Craig Patchett Fileseek FileSeek.cgi path traversal | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.04187 | CVE-2002-0611 |
| 13 | Cacti graph_settings.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.01408 | CVE-2014-5262 |
| 14 | Cacti snmp.php code injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01408 | CVE-2013-1435 |
| 15 | Microsoft Windows Service Pack 3 privileges management | 5.3 | 5.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00000 | |
| 16 | Ideal BB.NET forums.aspx cross site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01 | 0.00000 | |
| 17 | DCP-Portal forums.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00000 | |
| 18 | Kayako SupportSuite User Registration cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00000 | |
| 19 | Adminer PDO Extension cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00954 | CVE-2021-29625 |
| 20 | Pureftpd pure-FTPd path traversal | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00950 | CVE-2011-3171 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Kazakhstan

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

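| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Pathname Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Injection | predictive | High |
| 3 | T1059 | CWE-94 | Cross Site Scripting | predictive | High |
| 4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |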

IOA - Indicator of Attack (86)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | .htaccess | predictive | Medium |
| 2 | File | /admin/user/manage/add | predictive | High |
| 3 | File | /export | predictive | Low |
| 4 | File | /iisadmin | predictive | Medium |
| 5 | File | /inc/parser/xhtml.php | predictive | High |
| 6 | File | /includes/lib/detail.php | predictive | High |
| 7 | File | /MIME/INBOX-MM-1/ | predictive | High |
| 8 | File | /ptms/classes/Users.php | predictive | High |
| 9 | File | /public/plugins/ | predictive | High |
| 10 | File | /scripts/iisadmin/bdir.htr | predictive | High |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
