{ "id": "3ccf323b-4506-44c8-993e-b45d8d344330", "created_at": "2026-04-06T00:12:11.644219Z", "updated_at": "2026-04-10T03:35:26.557184Z", "deleted_at": null, "sha1_hash": "4cc3f6514a8a8408a0ec0084f09836596c97a6f7", "title": "Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 59109, "plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 15:18:38 UTC\n APT group: Calypso\nNames\nCalypso (Positive Technologies)\nBronze Medley (SecureWorks)\nCountry China\nMotivation Information theft and espionage\nFirst seen 2016\nDescription\n(Positive Technologies) The PT Expert Security Center first took note of Calypso in\nMarch 2019 during threat hunting. Our specialists collected multiple samples of\nmalware used by the group. They have also identified the organizations hit by the\nattackers, as well as the attackers’ C2 servers.\nOur data indicates that the group has been active since at least September 2016. The\nprimary goal of the group is theft of confidential data. Main targets are governmental\ninstitutions in Brazil, India, Kazakhstan, Russia, Thailand, and Turkey.\nOur data gives reason to believe that the APT group is of Asian origin.\nObserved\nSectors: Government.\nCountries: Afghanistan, Belarus, Brazil, India, Kazakhstan, Kyrgyzstan, Mongolia,\nRussia, Thailand, Turkey, Ukraine.\nTools used\nByeby, Calypso RAT, DCSync, DoublePulsar, EarthWorm, EternalBlue,\nEternalRomance, FlyingDutchman, Hussar, Mimikatz, nbtscan, netcat,\nOS_Check_445, PlugX, Quarks PwDump, SysInternals, TCP Port Scanner,\nWhitebird, ZXPortMap, Living off the Land.\nOperations performed\nMar 2021\nExchange servers under siege from at least 10 APT groups\nAug 2021\n4 Chinese APT Groups Identified Targeting Mail Server of Afghan\nTelecommunications Firm Roshan\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=f1a566ce-dff3-4f39-b9cb-d7acd82db584\nPage 1 of 2\n\nInformation Last change to this card: 02 November 2021\nDownload this actor card in PDF or JSON format\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=f1a566ce-dff3-4f39-b9cb-d7acd82db584\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=f1a566ce-dff3-4f39-b9cb-d7acd82db584\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://apt.etda.or.th/cgi-bin/showcard.cgi?u=f1a566ce-dff3-4f39-b9cb-d7acd82db584" ], "report_names": [ "showcard.cgi?u=f1a566ce-dff3-4f39-b9cb-d7acd82db584" ], "threat_actors": [ { "id": "9ef785ba-74e5-4fa1-90b8-764df063b7c6", "created_at": "2025-08-07T02:03:24.636642Z", "updated_at": "2026-04-10T02:00:03.727933Z", "deleted_at": null, "main_name": "BRONZE MEDLEY", "aliases": null, "source_name": "Secureworks:BRONZE MEDLEY", "tools": [ "Mimikatz", "PlugX", "Whitebird" ], "source_id": "Secureworks", "reports": null }, { "id": "3c5b0e7e-2388-4b63-9b97-6b027bec4bf7", "created_at": "2023-01-06T13:46:39.068694Z", "updated_at": "2026-04-10T02:00:03.202867Z", "deleted_at": null, "main_name": "Calypso", "aliases": [ "BRONZE MEDLEY" ], "source_name": "MISPGALAXY:Calypso", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "13d9c5fc-af82-4474-90dd-188c4e40a399", "created_at": "2022-10-25T16:07:23.435079Z", "updated_at": "2026-04-10T02:00:04.601572Z", "deleted_at": null, "main_name": "Calypso", "aliases": [ "Bronze Medley" ], "source_name": "ETDA:Calypso", "tools": [ "Agent.dhwf", "Byeby", "Calypso RAT", "DCSync", "Destroy RAT", "DestroyRAT", "DoublePulsar", "EternalBlue", "EternalRomance", "FlyingDutchman", "Kaba", "Korplug", "LOLBAS", "LOLBins", "Living off the Land", "Mimikatz", "NBTscan", "OS_Check_445", "PlugX", "Quarks PwDump", "RedDelta", "SAMRID", "Sogu", "SysInternals", "TCP Port Scanner", "TIGERPLUG", "TVT", "Thoper", "Whitebird", "Xamtrav", "ZXPortMap", "nbtscan", "netcat" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434331, "ts_updated_at": 1775792126, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/4cc3f6514a8a8408a0ec0084f09836596c97a6f7.pdf", "text": "https://archive.orkl.eu/4cc3f6514a8a8408a0ec0084f09836596c97a6f7.txt", "img": "https://archive.orkl.eu/4cc3f6514a8a8408a0ec0084f09836596c97a6f7.jpg" } }