Calypso Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (192)

Язык

en	140
zh	40
de	4
es	4
ja	2

Страна

us	94
cn	68
gb	10
ru	4
il	2

Акторы

Calypso	13
Cobalt Strike	3
RedLine Stealer	2
Microcin	1
Indexsinas	1

Интерес

Тип

Not Defined	62
Content Management System	20
Operating System	14
Web Server	10
Router Operating System	8

Поставщик

Not Defined	56
Microsoft	18
Cisco	10
Apache	8
Mamboxchange	4

Продукт

Microsoft Windows	8
Cisco Unified Communications Manager	6
WordPress	6
Linux Kernel	4
Apache HTTP Server	4

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	EPSS	CTI	CVE
1	DZCP deV!L`z Clanportal config.php эскалация привилегий	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.52	CVE-2010-0966
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash раскрытие информации	5.3	5.2	$5k-$25k	Расчет	High	Workaround	0.02016	0.00	CVE-2007-1192
3	Cacti graph_settings.php эскалация привилегий	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01498	0.00	CVE-2014-5261
4	Linux Kernel File Permission sysctl_net.c net_ctl_permissions эскалация привилегий	5.1	4.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2013-4270
5	Cacti Utility api_poller.php sql-инъекция	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00422	0.02	CVE-2013-1434
6	cbeust testng XML File Parser JarFileUtils.java testngXmlExistsInJar обход каталога	6.3	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00079	0.07	CVE-2022-4065
7	Redis Lua эскалация привилегий	6.3	6.3	$0-$5k	$0-$5k	High	Not Defined	0.97114	0.04	CVE-2022-0543
8	Sourcecodester Online Project Time Management System Users.php save_employee sql-инъекция	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00939	0.00	CVE-2022-26293
9	Atlassian JIRA Server/Data Center Dashboard Gadgets Preference Resource эскалация привилегий	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00098	0.00	CVE-2020-36287
10	OpenVPN Access Server LDAP слабая аутентификация	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00430	0.04	CVE-2020-8953
11	Navarino Infinity URL раскрытие информации	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01167	0.00	CVE-2018-5386
12	jQuery dataType script.js Cross-Domain межсайтовый скриптинг	5.2	4.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00660	0.09	CVE-2015-9251
13	Craig Patchett Fileseek FileSeek.cgi обход каталога	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01832	0.00	CVE-2002-0611
14	Cacti graph_settings.php sql-инъекция	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00346	0.04	CVE-2014-5262
15	Cacti snmp.php эскалация привилегий	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01280	0.00	CVE-2013-1435
16	Microsoft Windows Service Pack 3 эскалация привилегий	5.3	5.1	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00000	0.00
17	Ideal BB.NET forums.aspx межсайтовый скриптинг	3.5	3.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.00
18	DCP-Portal forums.php sql-инъекция	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.00
19	Kayako SupportSuite User Registration межсайтовый скриптинг	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.00
20	JDOM SAXBuilder отказ в обслуживании	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00480	0.00	CVE-2021-33813

Кампании (1)

These are the campaigns that can be associated with the actor:

Kazakhstan

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Hostname	Актор	Кампании	Identified	Тип	Уверенность
1	5.183.178.181		Calypso	Kazakhstan	01.05.2022	verified	Высокий
2	5.188.228.53	indppur1.example.com	Calypso	Kazakhstan	01.05.2022	verified	Высокий
3	23.227.207.137	23-227-207-137.static.hvvc.us	Calypso		01.05.2022	verified	Высокий
4	45.63.96.120	45.63.96.120.vultrusercontent.com	Calypso		01.05.2022	verified	Высокий
5	XX.XX.XXX.XXX	xx.xx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxx		01.05.2022	verified	Высокий
6	XX.XXX.XXX.XXX		Xxxxxxx	Xxxxxxxxxx	01.05.2022	verified	Высокий
7	XX.XXX.XXX.XXX		Xxxxxxx	Xxxxxxxxxx	01.05.2022	verified	Высокий
8	XX.XXX.XXX.XXX		Xxxxxxx	Xxxxxxxxxx	01.05.2022	verified	Высокий
9	XXX.XX.XX.XX	xxx.xx.xx.xx.xxxxxxxx.xxx	Xxxxxxx	Xxxxxxxxxx	01.05.2022	verified	Высокий
10	XXX.XX.XXX.XXX		Xxxxxxx	Xxxxxxxxxx	01.05.2022	verified	Высокий
11	XXX.XXX.XX.XX	xxx.xxx.xx.xx.xxxxxxxx.xxx	Xxxxxxx	Xxxxxxxxxx	01.05.2022	verified	Высокий
12	XXX.XXX.XX.XX		Xxxxxxx	Xxxxxxxxxx	01.05.2022	verified	Высокий
13	XXX.XXX.XXX.XXX		Xxxxxxx	Xxxxxxxxxx	01.05.2022	verified	Высокий
14	XXX.XX.XXX.XXX	xxxxxx.xxxxxxxxxxxxx.xxx	Xxxxxxx	Xxxxxxxxxx	01.05.2022	verified	Высокий
15	XXX.XXX.XXX.XX	xxxxxxx.xx.xxx	Xxxxxxx	Xxxxxxxxxx	01.05.2022	verified	Высокий
16	XXX.XXX.X.XXX	xxxx.xxx	Xxxxxxx	Xxxxxxxxxx	01.05.2022	verified	Высокий
17	XXX.XXX.XXX.XXX	xxxxx-xxxxxx.xxxxxxxxxxxx.xxx	Xxxxxxx	Xxxxxxxxxx	01.05.2022	verified	Высокий
18	XXX.XXX.XXX.XX	xxx.xxx.xxx.xx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxx	Xxxxxxxxxx	01.05.2022	verified	Высокий

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Класс	Уязвимости	Вектор доступа	Тип	Уверенность
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Высокий
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Высокий
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Высокий
4	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	Высокий
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
6	TXXXX	CAPEC-95	CWE-XXX	Xxxx Xxx Xxxxxxxxx Xxxxxxxxxxx Xxxxxxxx	predictive	Высокий
7	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Высокий
8	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Высокий
9	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Высокий
10	TXXXX	CAPEC-	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Высокий
11	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Высокий
12	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Высокий
13	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Высокий
14	TXXXX.XXX	CAPEC-133	CWE-XXX	Xxxxxxxx	predictive	Высокий
15	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий
16	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Высокий
17	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxx Xxxxxx	predictive	Высокий

IOA - Indicator of Attack (97)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	.htaccess	predictive	Средний
2	File	/admin/user/manage/add	predictive	Высокий
3	File	/api.php	predictive	Средний
4	File	/export	predictive	Низкий
5	File	/iisadmin	predictive	Средний
6	File	/inc/jquery/uploadify/uploadify.php	predictive	Высокий
7	File	/inc/parser/xhtml.php	predictive	Высокий
8	File	/includes/lib/detail.php	predictive	Высокий
9	File	/MIME/INBOX-MM-1/	predictive	Высокий
10	File	/ptms/classes/Users.php	predictive	Высокий
11	File	/public/plugins/	predictive	Высокий
12	File	/xxxxxxx/xxxxxxxx/xxxx.xxx	predictive	Высокий
13	File	/xxxxxxxx/xxxxxxx.xxx	predictive	Высокий
14	File	/xxxxxxxx/xxx/xxxxxxxxx.xxx	predictive	Высокий
15	File	/xxx-xxx/xxx.xxx	predictive	Высокий
16	File	/xxx/xxxxxxxx.xxx	predictive	Высокий
17	File	xxxxxxxxxxx.xxx	predictive	Высокий
18	File	xxx_xxxxxx.xxx	predictive	Высокий
19	File	xxxxxx.xxx	predictive	Средний
20	File	xxx.xxx	predictive	Низкий
21	File	xxxxxxxx_xxxxxxx.xxx	predictive	Высокий
22	File	xxx.xxx	predictive	Низкий
23	File	xxxxxxxxxx.xxx	predictive	Высокий
24	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Высокий
25	File	xxxxxx.xxx	predictive	Средний
26	File	xxxxxxx_xxxxxx.xxx	predictive	Высокий
27	File	xxxxxxxx.xxx	predictive	Средний
28	File	xxxxxx.xxxx	predictive	Средний
29	File	xxxxxx.xxx	predictive	Средний
30	File	xxxx.xxx	predictive	Средний
31	File	xxxxx_xxxxxxxx.xxx	predictive	Высокий
32	File	xxxxxxxxxx\xxxxxx\xxxxxxxxxxxxx.xxx	predictive	Высокий
33	File	xxxxx_xxxxxx.xxx	predictive	Высокий
34	File	xxx/xxxxxx.xxx	predictive	Высокий
35	File	xxx/xxxxxxxxxxx/xxxxxxx.xxx	predictive	Высокий
36	File	xxxxx.xxx	predictive	Средний
37	File	xxxx_xxxxxxxx.xxxx	predictive	Высокий
38	File	xxxxxx/xxxxxxxxx.xxx	predictive	Высокий
39	File	xxx/xxxx/xx/xxxxxx.xxx	predictive	Высокий
40	File	xxx/xxxxxx_xxx.x	predictive	Высокий
41	File	xxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxx	predictive	Высокий
42	File	xxxxxxxx.xxx	predictive	Средний
43	File	xxxxxxxx_xxxx.xxx	predictive	Высокий
44	File	xxxxxxxxxxxx_xxxxxxxx.xxx.xxx	predictive	Высокий
45	File	xxxxxx.xx	predictive	Средний
46	File	xxxxxxxxx.xxx	predictive	Высокий
47	File	xxxxxxxxxxxx.xxx	predictive	Высокий
48	File	xxxxxxxxxxxxxxxx.xxx	predictive	Высокий
49	File	xxxxxxxxxxxxxxxxxx.xxxx	predictive	Высокий
50	File	xxxx.xxx	predictive	Средний
51	File	xxxx-xxx	predictive	Средний
52	File	xxxxxx-xxxx/xxx/xxxx/xxxx/xxx/xxxxxx/xxxxxxxxxxxx.xxxx	predictive	Высокий
53	File	xxxxxxxxx.xxx	predictive	Высокий
54	File	xxxxxxxxxxx.xxx	predictive	Высокий
55	File	xxxxxxx.xxx	predictive	Средний
56	File	xxxxxxxx.xxx	predictive	Средний
57	File	xx-xxxxx.xxx	predictive	Средний
58	Library	xxxxxxx.xxx	predictive	Средний
59	Library	xxx/xxxxxx/xxxxxx.xxx	predictive	Высокий
60	Library	xxx/xxx.xxx	predictive	Средний
61	Library	xxxxxx/xxxxxxxxx/xxxxx.xxx	predictive	Высокий
62	Argument	xxxx	predictive	Низкий
63	Argument	xxxxxxxx	predictive	Средний
64	Argument	xxxxx	predictive	Низкий
65	Argument	xxx	predictive	Низкий
66	Argument	xxxxxxxx	predictive	Средний
67	Argument	xxxx[xxxx]	predictive	Средний
68	Argument	xxxxx->xxxx	predictive	Средний
69	Argument	xxxx	predictive	Низкий
70	Argument	xxxxxxxx	predictive	Средний
71	Argument	xxxxxx	predictive	Низкий
72	Argument	xxxxxxx[xx_xxx_xxxx]	predictive	Высокий
73	Argument	xxxx	predictive	Низкий
74	Argument	xxxx/xxxx	predictive	Средний
75	Argument	xxxx	predictive	Низкий
76	Argument	xx	predictive	Низкий
77	Argument	xxxxxxxxxx	predictive	Средний
78	Argument	xxxxxxx	predictive	Низкий
79	Argument	xxxxxx	predictive	Низкий
80	Argument	xxx_xxxxx	predictive	Средний
81	Argument	xxxxxxxxx_xxxxxxxx_xxxx	predictive	Высокий
82	Argument	xxxxxxx	predictive	Низкий
83	Argument	xxxxx	predictive	Низкий
84	Argument	xxxxxxxxxxxxxx	predictive	Высокий
85	Argument	xxxxxxxxxx	predictive	Средний
86	Argument	xxx	predictive	Низкий
87	Argument	xxxxxxx_xx	predictive	Средний
88	Argument	xxxxxxxxx	predictive	Средний
89	Argument	xxxxxx	predictive	Низкий
90	Argument	xxxxxxxxx	predictive	Средний
91	Argument	xxx	predictive	Низкий
92	Argument	xxxx	predictive	Низкий
93	Argument	xxxxxxxx	predictive	Средний
94	Argument	xxxxxxxx/xxxxxxxx	predictive	Высокий
95	Input Value	;xx xxx.xxx.x.xxx xxxx -x /xxx/xxxx;	predictive	Высокий
96	Input Value	??x:\	predictive	Низкий
97	Network Port	xxx/xxxx (xx-xxx)	predictive	Высокий

Ссылки (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Might our Artificial Intelligence support you?

Check our Alexa App!