Witchetty Analysis

IOB - Indicator of Behavior (250)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

Lang | Count
en | 220
zh | 16
es | 4
fr | 4
de | 2

Country

Country | Count
us | 106
cn | 62
ru | 4
ce | 2
ua | 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Product | Count
Microsoft Exchange Server | 6
Microsoft IIS | 6
Kayako SupportSuite | 4
Mobile-Friendly Image Gallery Plugin | 4
Computrols CBAS | 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Atmail Remote Code Execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00251 | 0.04 | CVE-2013-5033
2 | Palo Alto PAN-OS GlobalProtect Clientless VPN buffer overflow | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00112 | 0.03 | CVE-2021-3056
3 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.00 | CVE-2022-21664
4 | Microsoft Exchange Server ProxyShell Remote Code Execution | 9.5 | 8.7 | $25k-$100k | $5k-$25k | High | Official Fix | 0.97319 | 0.05 | CVE-2021-34473
5 | VeronaLabs wp-statistics Plugin API Endpoint Blind sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00250 | 0.00 | CVE-2019-13275
6 | Linksys WRT54GL Web Management Interface SysInfo1.htm information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00046 | 0.13 | CVE-2024-1406
7 | Teclib GLPI unlock_tasks.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.12149 | 0.04 | CVE-2019-10232
8 | Sophos Firewall User Portal/Webadmin improper authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | High | Not Defined | 0.97434 | 0.00 | CVE-2022-1040
9 | CutePHP CuteNews unrestricted upload | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02107 | 0.08 | CVE-2019-11447
10 | WordPress Object injection | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00432 | 0.04 | CVE-2022-21663
11 | OpenProject Activities API sql injection | 7.7 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.96135 | 0.04 | CVE-2019-11600
12 | Microsoft Windows Active Directory Domain Services Privilege Escalation | 8.8 | 8.3 | $25k-$100k | $0-$5k | High | Official Fix | 0.07084 | 0.00 | CVE-2022-26923
13 | QNAP QTS Media Library access control | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official Fix | 0.01575 | 0.03 | CVE-2017-13067
14 | Cougar LG lg.cgi cross site scripting | 5.2 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00327 | 0.04 | CVE-2014-3926
15 | Samurai Build File util.c canonpath out-of-bounds write | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00085 | 0.00 | CVE-2019-19795
16 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
17 | Phpsugar PHP Melody page_manager.php cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.00 | CVE-2017-15648
18 | Simple and Beautiful Shopping Cart System uploadera.php unrestricted upload | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00170 | 0.08 | CVE-2023-1558
19 | RealNetworks RealServer Port 7070 Service denial of service | 7.5 | 7.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.02116 | 0.17 | CVE-2000-0272
20 | Microsoft Windows Themes information disclosure | 5.9 | 5.6 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00128 | 0.04 | CVE-2024-21320

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • LookBack

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 5.252.176.3 | no-rdns.mivocloud.com | Witchetty | LookBack | 10/03/2022 | verified | High
2 | XXX.XX.X.XXX | | Xxxxxxxxx | | 10/03/2022 | verified | High
3 | XXX.XXX.XX.XX | xx-xxxx.xxxxxxxxx.xxx | Xxxxxxxxx | | 10/03/2022 | verified | High
4 | XXX.XXX.XXX.XXX | xx-xxxx.xxxxxxxxx.xxx | Xxxxxxxxx | | 10/03/2022 | verified | High

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (100)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /api/RecordingList/DownloadRecord?file= | predictive | High
2 | File | /apply.cgi | predictive | Medium
3 | File | /etc/openstack-dashboard/local_settings | predictive | High
4 | File | /php/ping.php | predictive | High
5 | File | /rapi/read_url | predictive | High
6 | File | /scripts/unlock_tasks.php | predictive | High
7 | File | /SysInfo1.htm | predictive | High
8 | File | /sysinfo_json.cgi | predictive | High
9 | File | /system/user/modules/mod_users/controller.php | predictive | High
10 | File | /uncpath/ | predictive | Medium
11 | File | /wp-admin/admin-post.php?es_skip=1&option_name | predictive | High
12 | File | /xx-xxxxxxx/xxxxxxx/xxxxx-xxxxxxx/ | predictive | High
13 | File | xxxxxxx/xxxx.xxx | predictive | High
14 | File | xxxx/xxx/xxx/xxx/xxxxxx.x | predictive | High
15 | File | xxxxxx/xxx.x | predictive | Medium
16 | File | xxxxxxxxx.xxx.xxx | predictive | High
17 | File | xxxxx/xxxxx.xxx | predictive | High
18 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
19 | File | xxxx_xxxxx.xxx | predictive | High
20 | File | xxxxx.xxx | predictive | Medium
21 | File | xxxxxx.xxx | predictive | Medium
22 | File | xxxxxxx/xxx/xxxxxxxx/xxx/xxxxx/xxx.x | predictive | High
23 | File | xx/xx-xx.x | predictive | Medium
24 | File | xxx/xxxx_xxxx.x | predictive | High
25 | File | xxxxxx/xxxxxxxxxxx | predictive | High
26 | File | xxxx_xxxxxx.x | predictive | High
27 | File | xxxx/xxxxxxx.x | predictive | High
28 | File | xxxxxxxx/xxxxx-xxxxxx-xxxx-xxxxxxx.xxx | predictive | High
29 | File | xxxxxxxx/xxxxxxxx/xxxxx-xxxxxxxx-xxxxx.xxx | predictive | High
30 | File | xxxxx.xxx?xxx=xxxx&xxx=xxxxxxxx | predictive | High
31 | File | xxxxxxxx/xxx_xxxx_xxxx.x | predictive | High
32 | File | xxxxxxxxxx.xxx | predictive | High
33 | File | xx.xxx | predictive | Low
34 | File | xxxxx.xxx | predictive | Medium
35 | File | xxxx/xxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
36 | File | xxx/xxx.xxx | predictive | Medium
37 | File | xxx/xxxx/xxx_xxxxxx.x | predictive | High
38 | File | xxxx_xxxxxxx.xxx | predictive | High
39 | File | xxxx_xxxxx.xxx | predictive | High
40 | File | xxxxxx.x | predictive | Medium
41 | File | xxxx.xxx | predictive | Medium
42 | File | xxxxx.xxx | predictive | Medium
43 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | High
44 | File | xxxxxxxx.xxx | predictive | Medium
45 | File | xxxx.xxx | predictive | Medium
46 | File | xxxxx/xxxxx.xxx | predictive | High
47 | File | xxxxxxxx.xxx | predictive | Medium
48 | File | xxxxxxxxx.xxx | predictive | High
49 | File | xxxxx/xxx/xxxxxxx/xxxxxx.xxx | predictive | High
50 | File | xxxxxxxxx.xxx | predictive | High
51 | File | xxxx.x | predictive | Low
52 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive | High
53 | File | xx/xxxxxx/xxxxx | predictive | High
54 | File | xxxxxxxxxx | predictive | Medium
55 | File | xxxxxxx/xxxxx.xxx | predictive | High
56 | File | xx-xxxxx/xxxx.xxx | predictive | High
57 | Argument | xxxxxx | predictive | Low
58 | Argument | xxxx | predictive | Low
59 | Argument | xxxxxxx_xxxx | predictive | Medium
60 | Argument | xxxxxx_xxxx | predictive | Medium
61 | Argument | xxx | predictive | Low
62 | Argument | xxxxxxxxxxxxxxxxx | predictive | High
63 | Argument | xxxxx | predictive | Low
64 | Argument | xxxxxxxxxxx/xxxxxxxx/xxx/xxxxx | predictive | High
65 | Argument | xxxxxx_xx | predictive | Medium
66 | Argument | xxxxxx | predictive | Low
67 | Argument | xxxxxxx_xx/xxx/xxxxx_xx/_xx | predictive | High
68 | Argument | xxxx | predictive | Low
69 | Argument | xxxx | predictive | Low
70 | Argument | xx | predictive | Low
71 | Argument | xxxxx_xxxx | predictive | Medium
72 | Argument | xxxxxx/xxxxxx | predictive | High
73 | Argument | xxxxxxxx[xx] | predictive | Medium
74 | Argument | xxxxxxx | predictive | Low
75 | Argument | xxx_xxxx | predictive | Medium
76 | Argument | xxxxxx_xxxx | predictive | Medium
77 | Argument | xxxx_xxxxx | predictive | Medium
78 | Argument | xxxxxxxx | predictive | Medium
79 | Argument | xxx | predictive | Low
80 | Argument | xxx_xxxxxxxx | predictive | Medium
81 | Argument | xxxx_xxxxx | predictive | Medium
82 | Argument | xxxxxxx/xxxxx | predictive | High
83 | Argument | xxxxxx_xxx | predictive | Medium
84 | Argument | xxxx_xx | predictive | Low
85 | Argument | xxxxxxxx_xxxxxxxx | predictive | High
86 | Argument | xxxxxxxxxxxxxxxxxxxxx | predictive | High
87 | Argument | xxxx_xx | predictive | Low
88 | Argument | xxx | predictive | Low
89 | Argument | xxxx | predictive | Low
90 | Argument | xxxxxxxx | predictive | Medium
91 | Argument | xxxx/xx/xxxx/xxx | predictive | High
92 | Input Value | .%xx.../.%xx.../ | predictive | High
93 | Input Value | ../../../../../xxx/xxx/xxxxx/xxxx/xxxxxxxx/xxxxx/xxx.xxx | predictive | High
94 | Input Value | xxxxxxx -xxx | predictive | Medium
95 | Input Value | xxxxxxxxxx | predictive | Medium
96 | Network Port | xxxx | predictive | Low
97 | Network Port | xxxx | predictive | Low
98 | Network Port | xxxx xxxx | predictive | Medium
99 | Network Port | xxx/xxx | predictive | Low
100 | Network Port | xxx/xxxx | predictive | Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities: