Calypso

Threat Actor updated a month ago (2024-10-08T12:00:56.329Z)
Calypso is a recognized threat actor, likely linked to the Chinese state-sponsored group APT41. Other groups possibly connected to this network include Hafnium, LuckyMouse, Tick, Calypso, and Winnti Group (tracked by X-Force as Hive0088). Calypso has been associated with various malicious activities, including the use of Command and Control (C&C) servers like rawfuns[.]com and yolkish[.]com. The group uses specific loaders such as EB8D39CE08B32A07B7D847F6C29F4471CD8264F2 and 30DD3076EC9ABB13C15053234C436406B88FB2B9 for the Win32/Korplug malware, and 4F0EA31A363CFE0D2BBB4A0B4C5D558A87D8683E for the Win32/Agent malware.

In 2019, Positive Technology Security released a report detailing the use of Calypso RAT (Remote Access Trojan) by the Calypso Advanced Persistent Threat (APT) group. Another tool exclusively used by Calypso APT is the Win.NOODLERAT, an in-memory modular backdoor, originally reported by NCC Group and Positive Technology Security. This backdoor has been deployed in espionage campaigns not only by Calypso APT but also by Iron Tiger and several unidentified clusters.

However, it's important to note that "Calypso" is also the name of a leading company in AI security, Calypso AI, founded by Neil Serebryany. This organization focuses on scoring vulnerabilities at the point of model prompts and their responses, either logging or blocking these potential threats. Calypso AI is unrelated to the Calypso APT group, and its work was recently showcased at the Accelerate AI 2023 conference in Washington, DC, hosted by the Berryville Institute of Machine Learning (BIML).
Description last updated: 2024-10-08T11:31:08.776Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
Winnti Group is a possible alias for Calypso. The Winnti Group, a threat actor associated with the Chinese state-sponsored hacking activities, has been active since at least 2007, according to researchers from Kaspersky Lab who first identified the group in 2013. The group initially gained notoriety for its attacks on computer game developers a | 3
Calypso Apt is a possible alias for Calypso. Calypso Advanced Persistent Threat (APT) is a significant cyber threat actor identified as using the Calypso Remote Access Trojan (RAT), according to a 2019 report by Positive Technology Security. This group, which could be an individual, private company, or part of a government entity, has been not | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Rat
Associated Threat Actors
Alias Description | Association Type | Votes
The LuckyMouse Threat Actor is associated with Calypso. LuckyMouse, also known as Budworm, Emissary Panda, and APT27, is a threat actor that has been involved in several high-profile cyber-espionage activities. The group has demonstrated its ability to develop and deploy advanced cyber tools, targeting various operating systems including MacOS, Linux, an | Unspecified | 2