Trusted Design

Callisto Group

概要

The Callisto Group is an advanced threat actor whose known targets include military personnel, government officials, think tanks, and journalists in Europe and the South Caucasus. Their primary interest appears to be gathering intelligence related to foreign and security policy in the Eastern Europe and South Caucasus regions. In October 2015 the Callisto Group targeted a handful of individuals with phishing emails that attempted to obtain the target’s webmail credentials. In early 2016 the Callisto Group began sending highly targeted spear phishing emails with malicious attachments that contained, as their final payload, the “Scout” malware tool from the HackingTeam RCS Galileo platform.

Created: 2026-02-23

Indicators

• domain - service-mail.asia -
• domain - authentification-request.top -
• domain - screenname.click -
• domain - prevention-icloud.link -
• domain - updatemail.in -
• domain - store-icloud.link -
• domain - icloud-service.pw -
• domain - prevention-aol.top -
• domain - google-accounts.eu -
• domain - go-veryfication.link -
• domain - live-com.pw -
• domain - login-live-com.pw -
• URL - http://drive-meet-goodle.ru/soft/adobeflashplayer.exe -
• URL - http://download.updatemail.in/winrar-4.2.final.exe -
• domain - emailapp.pw -
• domain - login-live.review -
• domain - prevention-aol.link -
• URL - http://hotmail-online.eu/getfile.php?dtype=browser -
• URL - http://google-accounts.eu/xmail/send/google.png -
• domain - auth-login.top -
• FileHash-SHA1 - 07cdc67d211d175cd9d418dc5482b3f17d93526a -
• URL - http://download.updatemail.in/wrar520b4ru.exe -
• domain - drive-login.com -
• domain - node005-prevention-aol.link -
• URL - http://serv.login-livecom.info/Install_Flash_player.zip -
• domain - hotmail-online.eu -
• domain - support-mail.top -
• IPv4 - 89.46.102.43 -
• URL - http://drive-meet-goodle.ru/soft/AdobeFlashPlayer.exe -
• domain - login-livecom.in -
• domain - misrcosofts.com -
• URL - http://download.updatemail.in/winrar-x64-520b4ru.exe -
• domain - login-access.top -
• URL - http://software.service-mail.asia/adobeflashplayer-install.zip -
• domain - fco-gov.pw -
• URL - http://drive-meet-goodle.ru/soft/adobe_flash_player_19.0.0.226.exe -
• hostname - mail.accounts-google.eu -
• domain - fco-net.pw -
• domain - qooqle-support-mail.pw -
• domain - secure-lcloud.accountant -
• URL - http://drive-meet-goodle.ru/soft/k-lite_codec_pack_1128_full.exe -
• domain - google-plus.top -
• domain - service-mail.in -
• domain - drive-meet-goodle.ru -
• domain - yahoomailfree.pw -
• URL - http://serv.login-livecom.info/Install_flash_player_activex.zip -
• domain - google-service.eu -
• URL - http://download.updatemail.in/k-lite_codec_pack_1085_full.exe -
• domain - support-gmail.pw -
• URL - http://download.updatemail.in/WinRAR-4.2.Final.exe -
• domain - platforma.link -
• domain - yahoocentermail.info -
• domain - accounts-mail.asia -
• domain - serv-login-com.pw -
• domain - accounts-google.eu -
• domain - support-mail.pw -
• domain - yahoocentermail.pw -
• URL - http://download.screenname-aol.pw/winrar-x64-530b4ru.exe -
• hostname - serv.login-livecom.info -
• domain - login-livecom.info -
• domain - screenname-aol.pw -
• domain - live-login.info -
• domain - node03-prevention-icloud.link -
• domain - shared-docs.pw -
• domain - secure-store-lcloud.top -
• URL - http://download.updatemail.in/install_flash_player.exe -

類似Pulses

• Targets Middle Eastern Telecommunications Companies (score: 0.63)
• New Attacks Linked to C0d0s0 Group (score: 0.62)
• Stealthy Cyberespionage Campaign Attacks With Social Engineering (score: 0.62)
• BBSRAT Attacks Targeting Russian Organizations (score: 0.62)
• MALWARE POSING AS HUMAN RIGHTS ORGANIZATIONS AND COMMERCIAL SOFTWARE TARGETING IRANIANS AND FOREIGN POLICY INSTITUTIONS (score: 0.62)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る