Calypso Analysis

IOB - Indicator of Behavior (191)

Language

  • en: 136
  • zh: 36
  • it: 6
  • ja: 4
  • de: 4

Country

  • us: 106
  • cn: 64
  • gb: 6
  • ro: 2
  • ir: 2

Product

  • Microsoft Windows: 8
  • Cisco Unified Communications Manager: 4
  • Cisco Unified Communications Manager Session Manag ...: 4
  • FreeBSD: 4
  • Virtual Programming VP-ASP: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.91 | CVE-2010-0966 |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 3 | Cacti graph_settings.php privilege escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01498 | 0.02 | CVE-2014-5261 |
| 4 | Linux Kernel File Permission sysctl_net.c net_ctl_permissions privilege escalation | 5.1 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2013-4270 |
| 5 | Cacti Utility api_poller.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00422 | 0.02 | CVE-2013-1434 |
| 6 | cbeust testng XML File Parser JarFileUtils.java testngXmlExistsInJar directory traversal | 6.3 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00067 | 0.04 | CVE-2022-4065 |
| 7 | Redis Lua privilege escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.97053 | 0.00 | CVE-2022-0543 |
| 8 | Sourcecodester Online Project Time Management System Users.php save_employee sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00939 | 0.00 | CVE-2022-26293 |
| 9 | Atlassian JIRA Server/Data Center Dashboard Gadgets Preference Resource privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00098 | 0.00 | CVE-2020-36287 |
| 10 | OpenVPN Access Server LDAP weak authentication | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00430 | 0.04 | CVE-2020-8953 |
| 11 | Navarino Infinity URL information disclosure | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01867 | 0.00 | CVE-2018-5386 |
| 12 | jQuery dataType script.js Cross-Domain cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00660 | 0.04 | CVE-2015-9251 |
| 13 | Craig Patchett Fileseek FileSeek.cgi directory traversal | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04964 | 0.00 | CVE-2002-0611 |
| 14 | Cacti graph_settings.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00346 | 0.00 | CVE-2014-5262 |
| 15 | Cacti snmp.php privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01280 | 0.02 | CVE-2013-1435 |
| 16 | Microsoft Windows Service Pack 3 privilege escalation | 5.3 | 5.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.00 | |
| 17 | Ideal BB.NET forums.aspx cross site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |
| 18 | DCP-Portal forums.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 19 | Kayako SupportSuite User Registration cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 20 | Dovecot privilege escalation | 6.5 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00275 | 0.04 | CVE-2011-4318 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Kazakhstan

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerability | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (97)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | .htaccess | predictive | Medium |
| 2 | File | /admin/user/manage/add | predictive | High |
| 3 | File | /api.php | predictive | Medium |
| 4 | File | /export | predictive | Low |
| 5 | File | /iisadmin | predictive | Medium |
| 6 | File | /inc/jquery/uploadify/uploadify.php | predictive | High |
| 7 | File | /inc/parser/xhtml.php | predictive | High |
| 8 | File | /includes/lib/detail.php | predictive | High |
| 9 | File | /MIME/INBOX-MM-1/ | predictive | High |
| 10 | File | /ptms/classes/Users.php | predictive | High |
| 11 | File | /public/plugins/ | predictive | High |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
