Calisto - S0274 (b8fdef82-d2cf-4948-8949-6466357b1be1)

Calisto is a macOS Trojan that opens a backdoor on the compromised machine. Calisto is believed to have first been developed in 2016. (Citation: Securelist Calisto July 2018) (Citation: Symantec Calisto July 2018)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) | Attack Pattern | Calisto - S0274 (b8fdef82-d2cf-4948-8949-6466357b1be1) | Malware | 1 |
| Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) | Attack Pattern | Calisto - S0274 (b8fdef82-d2cf-4948-8949-6466357b1be1) | Malware | 1 |
| Launchctl - T1569.001 (810aa4ad-61c9-49cb-993f-daa06199421d) | Attack Pattern | Calisto - S0274 (b8fdef82-d2cf-4948-8949-6466357b1be1) | Malware | 1 |
| GUI Input Capture - T1056.002 (a2029942-0a85-4947-b23c-ca434698171d) | Attack Pattern | Calisto - S0274 (b8fdef82-d2cf-4948-8949-6466357b1be1) | Malware | 1 |
| File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | Calisto - S0274 (b8fdef82-d2cf-4948-8949-6466357b1be1) | Malware | 1 |
| Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) | Attack Pattern | Calisto - S0274 (b8fdef82-d2cf-4948-8949-6466357b1be1) | Malware | 1 |
| Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) | Attack Pattern | Calisto - S0274 (b8fdef82-d2cf-4948-8949-6466357b1be1) | Malware | 1 |
| Calisto - S0274 (b8fdef82-d2cf-4948-8949-6466357b1be1) | Malware | Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) | Attack Pattern | 1 |
| Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7) | Attack Pattern | Calisto - S0274 (b8fdef82-d2cf-4948-8949-6466357b1be1) | Malware | 1 |
| Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) | Attack Pattern | Calisto - S0274 (b8fdef82-d2cf-4948-8949-6466357b1be1) | Malware | 1 |
| Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) | Attack Pattern | Calisto - S0274 (b8fdef82-d2cf-4948-8949-6466357b1be1) | Malware | 1 |
| Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) | Attack Pattern | Calisto - S0274 (b8fdef82-d2cf-4948-8949-6466357b1be1) | Malware | 1 |
| Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) | Attack Pattern | Calisto - S0274 (b8fdef82-d2cf-4948-8949-6466357b1be1) | Malware | 1 |
| Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) | Attack Pattern | Calisto - S0274 (b8fdef82-d2cf-4948-8949-6466357b1be1) | Malware | 1 |
| Calisto - S0274 (b8fdef82-d2cf-4948-8949-6466357b1be1) | Malware | Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) | Attack Pattern | 1 |
| Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) | Attack Pattern | Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) | Attack Pattern | 2 |
| System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) | Attack Pattern | Launchctl - T1569.001 (810aa4ad-61c9-49cb-993f-daa06199421d) | Attack Pattern | 2 |
| Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) | Attack Pattern | GUI Input Capture - T1056.002 (a2029942-0a85-4947-b23c-ca434698171d) | Attack Pattern | 2 |
| Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) | Attack Pattern | File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | 2 |
| Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) | Attack Pattern | Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) | Attack Pattern | 2 |
| Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) | Attack Pattern | Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) | Attack Pattern | 2 |
| Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) | Attack Pattern | Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) | Attack Pattern | 2 |
| Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) | Attack Pattern | Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) | Attack Pattern | 2 |
| Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) | Attack Pattern | Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) | Attack Pattern | 2 |
| Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) | Attack Pattern | Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) | Attack Pattern | 2 |