Calypso Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (192)

Lang

en	146
zh	30
ja	6
de	4
sv	2

Land

us	102
cn	62
gb	8
in	4
ru	2

Skådespelare

Calypso	12
Cobalt Strike	3
RedLine Stealer	2
pupy	1
PlugX	1

Intressera

Typ

Not Defined	56
Content Management System	18
Operating System	14
Router Operating System	12
Unified Communication Software	8

Säljare

Not Defined	56
Microsoft	14
Cisco	10
Apache	6
Atlassian	4

Produkt

Microsoft Windows	8
Cisco Unified Communications Manager	8
Cisco Unified Communications Manager Session Manag ...	6
Cacti	6
Atlassian JIRA Server	4

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	DZCP deV!L`z Clanportal config.php privilegier eskalering	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	1.38	CVE-2010-0966
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash informationsgivning	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
3	Cacti graph_settings.php privilegier eskalering	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01498	0.02	CVE-2014-5261
4	Linux Kernel File Permission sysctl_net.c net_ctl_permissions privilegier eskalering	5.1	4.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2013-4270
5	Cacti Utility api_poller.php sql injektion	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00422	0.02	CVE-2013-1434
6	cbeust testng XML File Parser JarFileUtils.java testngXmlExistsInJar kataloggenomgång	6.3	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00067	0.14	CVE-2022-4065
7	Redis Lua privilegier eskalering	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.97053	0.00	CVE-2022-0543
8	Sourcecodester Online Project Time Management System Users.php save_employee sql injektion	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00939	0.00	CVE-2022-26293
9	Atlassian JIRA Server/Data Center Dashboard Gadgets Preference Resource privilegier eskalering	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00098	0.00	CVE-2020-36287
10	OpenVPN Access Server LDAP svag autentisering	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00430	0.04	CVE-2020-8953
11	Navarino Infinity URL informationsgivning	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01867	0.00	CVE-2018-5386
12	jQuery dataType script.js Cross-Domain cross site scripting	5.2	4.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00660	0.19	CVE-2015-9251
13	Craig Patchett Fileseek FileSeek.cgi kataloggenomgång	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04964	0.00	CVE-2002-0611
14	Cacti graph_settings.php sql injektion	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00346	0.00	CVE-2014-5262
15	Cacti snmp.php privilegier eskalering	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01280	0.02	CVE-2013-1435
16	Microsoft Windows Service Pack 3 privilegier eskalering	5.3	5.1	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00000	0.00
17	Ideal BB.NET forums.aspx cross site scripting	3.5	3.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.00
18	DCP-Portal forums.php sql injektion	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.00
19	Kayako SupportSuite User Registration cross site scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.00
20	JDOM SAXBuilder förnekande av tjänsten	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00480	0.00	CVE-2021-33813

Kampanjer (1)

These are the campaigns that can be associated with the actor:

Kazakhstan

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Kampanjer	Identified	Typ	Förtroende
1	5.183.178.181		Calypso	Kazakhstan	01/05/2022	verified	Hög
2	5.188.228.53	indppur1.example.com	Calypso	Kazakhstan	01/05/2022	verified	Hög
3	23.227.207.137	23-227-207-137.static.hvvc.us	Calypso		01/05/2022	verified	Hög
4	45.63.96.120	45.63.96.120.vultrusercontent.com	Calypso		01/05/2022	verified	Hög
5	XX.XX.XXX.XXX	xx.xx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxx		01/05/2022	verified	Hög
6	XX.XXX.XXX.XXX		Xxxxxxx	Xxxxxxxxxx	01/05/2022	verified	Hög
7	XX.XXX.XXX.XXX		Xxxxxxx	Xxxxxxxxxx	01/05/2022	verified	Hög
8	XX.XXX.XXX.XXX		Xxxxxxx	Xxxxxxxxxx	01/05/2022	verified	Hög
9	XXX.XX.XX.XX	xxx.xx.xx.xx.xxxxxxxx.xxx	Xxxxxxx	Xxxxxxxxxx	01/05/2022	verified	Hög
10	XXX.XX.XXX.XXX		Xxxxxxx	Xxxxxxxxxx	01/05/2022	verified	Hög
11	XXX.XXX.XX.XX	xxx.xxx.xx.xx.xxxxxxxx.xxx	Xxxxxxx	Xxxxxxxxxx	01/05/2022	verified	Hög
12	XXX.XXX.XX.XX		Xxxxxxx	Xxxxxxxxxx	01/05/2022	verified	Hög
13	XXX.XXX.XXX.XXX		Xxxxxxx	Xxxxxxxxxx	01/05/2022	verified	Hög
14	XXX.XX.XXX.XXX	xxxxxx.xxxxxxxxxxxxx.xxx	Xxxxxxx	Xxxxxxxxxx	01/05/2022	verified	Hög
15	XXX.XXX.XXX.XX	xxxxxxx.xx.xxx	Xxxxxxx	Xxxxxxxxxx	01/05/2022	verified	Hög
16	XXX.XXX.X.XXX	xxxx.xxx	Xxxxxxx	Xxxxxxxxxx	01/05/2022	verified	Hög
17	XXX.XXX.XXX.XXX	xxxxx-xxxxxx.xxxxxxxxxxxx.xxx	Xxxxxxx	Xxxxxxxxxx	01/05/2022	verified	Hög
18	XXX.XXX.XXX.XX	xxx.xxx.xxx.xx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxx	Xxxxxxxxxx	01/05/2022	verified	Hög

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klass	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1		CAPEC-10	CWE-19, CWE-20, CWE-59, CWE-73, CWE-119, CWE-120, CWE-189, CWE-190, CWE-266, CWE-285, CWE-287, CWE-288, CWE-290, CWE-352, CWE-362, CWE-384, CWE-404, CWE-436, CWE-443, CWE-476, CWE-502, CWE-626, CWE-787, CWE-862, CWE-863, CWE-918	Unknown Vulnerability	predictive	Hög
2	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Hög
3	T1055	CAPEC-10	CWE-74, CWE-707	Improper Neutralization of Data within XPath Expressions	predictive	Hög
4	T1059	CAPEC-10	CWE-74, CWE-94, CWE-707	Argument Injection	predictive	Hög
5	TXXXX.XXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XX, CWE-XXX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
6	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
7	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxx Xxx Xxxxxxxxx Xxxxxxxxxxx Xxxxxxxx	predictive	Hög
8	TXXXX.XXX	CAPEC-191	CWE-XXX, CWE-XXX, CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Hög
9	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XX, CWE-XXX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Hög
10	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Hög
11	TXXXX	CAPEC-0	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Hög
12	TXXXX	CAPEC-0	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Hög
13	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxx Xxxxxxxxx	predictive	Hög
14	TXXXX.XXX	CAPEC-1	CWE-XXX, CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Hög
15	TXXXX.XXX	CAPEC-133	CWE-XXX	Xxxxxxxx	predictive	Hög
16	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög
17	TXXXX.XXX	CAPEC-19	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Hög
18	TXXXX	CAPEC-0	CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxx	predictive	Hög

IOA - Indicator of Attack (97)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	.htaccess	predictive	Medium
2	File	/admin/user/manage/add	predictive	Hög
3	File	/api.php	predictive	Medium
4	File	/export	predictive	Låg
5	File	/iisadmin	predictive	Medium
6	File	/inc/jquery/uploadify/uploadify.php	predictive	Hög
7	File	/inc/parser/xhtml.php	predictive	Hög
8	File	/includes/lib/detail.php	predictive	Hög
9	File	/MIME/INBOX-MM-1/	predictive	Hög
10	File	/ptms/classes/Users.php	predictive	Hög
11	File	/public/plugins/	predictive	Hög
12	File	/xxxxxxx/xxxxxxxx/xxxx.xxx	predictive	Hög
13	File	/xxxxxxxx/xxxxxxx.xxx	predictive	Hög
14	File	/xxxxxxxx/xxx/xxxxxxxxx.xxx	predictive	Hög
15	File	/xxx-xxx/xxx.xxx	predictive	Hög
16	File	/xxx/xxxxxxxx.xxx	predictive	Hög
17	File	xxxxxxxxxxx.xxx	predictive	Hög
18	File	xxx_xxxxxx.xxx	predictive	Hög
19	File	xxxxxx.xxx	predictive	Medium
20	File	xxx.xxx	predictive	Låg
21	File	xxxxxxxx_xxxxxxx.xxx	predictive	Hög
22	File	xxx.xxx	predictive	Låg
23	File	xxxxxxxxxx.xxx	predictive	Hög
24	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Hög
25	File	xxxxxx.xxx	predictive	Medium
26	File	xxxxxxx_xxxxxx.xxx	predictive	Hög
27	File	xxxxxxxx.xxx	predictive	Medium
28	File	xxxxxx.xxxx	predictive	Medium
29	File	xxxxxx.xxx	predictive	Medium
30	File	xxxx.xxx	predictive	Medium
31	File	xxxxx_xxxxxxxx.xxx	predictive	Hög
32	File	xxxxxxxxxx\xxxxxx\xxxxxxxxxxxxx.xxx	predictive	Hög
33	File	xxxxx_xxxxxx.xxx	predictive	Hög
34	File	xxx/xxxxxx.xxx	predictive	Hög
35	File	xxx/xxxxxxxxxxx/xxxxxxx.xxx	predictive	Hög
36	File	xxxxx.xxx	predictive	Medium
37	File	xxxx_xxxxxxxx.xxxx	predictive	Hög
38	File	xxxxxx/xxxxxxxxx.xxx	predictive	Hög
39	File	xxx/xxxx/xx/xxxxxx.xxx	predictive	Hög
40	File	xxx/xxxxxx_xxx.x	predictive	Hög
41	File	xxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxx	predictive	Hög
42	File	xxxxxxxx.xxx	predictive	Medium
43	File	xxxxxxxx_xxxx.xxx	predictive	Hög
44	File	xxxxxxxxxxxx_xxxxxxxx.xxx.xxx	predictive	Hög
45	File	xxxxxx.xx	predictive	Medium
46	File	xxxxxxxxx.xxx	predictive	Hög
47	File	xxxxxxxxxxxx.xxx	predictive	Hög
48	File	xxxxxxxxxxxxxxxx.xxx	predictive	Hög
49	File	xxxxxxxxxxxxxxxxxx.xxxx	predictive	Hög
50	File	xxxx.xxx	predictive	Medium
51	File	xxxx-xxx	predictive	Medium
52	File	xxxxxx-xxxx/xxx/xxxx/xxxx/xxx/xxxxxx/xxxxxxxxxxxx.xxxx	predictive	Hög
53	File	xxxxxxxxx.xxx	predictive	Hög
54	File	xxxxxxxxxxx.xxx	predictive	Hög
55	File	xxxxxxx.xxx	predictive	Medium
56	File	xxxxxxxx.xxx	predictive	Medium
57	File	xx-xxxxx.xxx	predictive	Medium
58	Library	xxxxxxx.xxx	predictive	Medium
59	Library	xxx/xxxxxx/xxxxxx.xxx	predictive	Hög
60	Library	xxx/xxx.xxx	predictive	Medium
61	Library	xxxxxx/xxxxxxxxx/xxxxx.xxx	predictive	Hög
62	Argument	xxxx	predictive	Låg
63	Argument	xxxxxxxx	predictive	Medium
64	Argument	xxxxx	predictive	Låg
65	Argument	xxx	predictive	Låg
66	Argument	xxxxxxxx	predictive	Medium
67	Argument	xxxx[xxxx]	predictive	Medium
68	Argument	xxxxx->xxxx	predictive	Medium
69	Argument	xxxx	predictive	Låg
70	Argument	xxxxxxxx	predictive	Medium
71	Argument	xxxxxx	predictive	Låg
72	Argument	xxxxxxx[xx_xxx_xxxx]	predictive	Hög
73	Argument	xxxx	predictive	Låg
74	Argument	xxxx/xxxx	predictive	Medium
75	Argument	xxxx	predictive	Låg
76	Argument	xx	predictive	Låg
77	Argument	xxxxxxxxxx	predictive	Medium
78	Argument	xxxxxxx	predictive	Låg
79	Argument	xxxxxx	predictive	Låg
80	Argument	xxx_xxxxx	predictive	Medium
81	Argument	xxxxxxxxx_xxxxxxxx_xxxx	predictive	Hög
82	Argument	xxxxxxx	predictive	Låg
83	Argument	xxxxx	predictive	Låg
84	Argument	xxxxxxxxxxxxxx	predictive	Hög
85	Argument	xxxxxxxxxx	predictive	Medium
86	Argument	xxx	predictive	Låg
87	Argument	xxxxxxx_xx	predictive	Medium
88	Argument	xxxxxxxxx	predictive	Medium
89	Argument	xxxxxx	predictive	Låg
90	Argument	xxxxxxxxx	predictive	Medium
91	Argument	xxx	predictive	Låg
92	Argument	xxxx	predictive	Låg
93	Argument	xxxxxxxx	predictive	Medium
94	Argument	xxxxxxxx/xxxxxxxx	predictive	Hög
95	Input Value	;xx xxx.xxx.x.xxx xxxx -x /xxx/xxxx;	predictive	Hög
96	Input Value	??x:\	predictive	Låg
97	Network Port	xxx/xxxx (xx-xxx)	predictive	Hög

Referenser (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Do you know our Splunk app?

Download it now for free!