HomuWitch Analysis

IOB - Indicator of Behavior (36)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 32
zh: 4


Product

Papercut NG: 6
Papercut MF: 4
FFmpeg: 2
SourceCodester Sales Tracker Management System: 2
SourceCodester Employee Task Management System: 2


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | SourceCodester Sales Tracker Management System view_product.php sql injection | 6.6 | 6.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00288 | 0.05 | CVE-2023-0964 |
| 2 | SourceCodester Online Student Management System edit-class-detail.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00173 | 0.00 | CVE-2023-1099 |
| 3 | Microsoft Office/365 Apps for Enterprise information disclosure | 7.0 | 6.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00276 | 0.03 | CVE-2024-38200 |
| 4 | Microsoft Windows Update Stack access control | 7.5 | 7.3 | $25k-$100k | $25k-$100k | Proof-of-Concept | Unavailable | 0.00048 | 0.00 | CVE-2024-38202 |
| 5 | FFmpeg pnmdec.c pnm_decode_frame heap-based overflow | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00044 | 0.03 | CVE-2024-7055 |
| 6 | Autodesk Navisworks Freedom DWF File dwfcore.dll heap-based overflow | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00070 | 0.03 | CVE-2024-7674 |
| 7 | Elementor Website Builder Plugin Tools Module sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00175 | 0.00 | CVE-2023-0329 |
| 8 | Apache Solr Operator log file | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-31391 |
| 9 | SourceCodester Library Management System bookdetails.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00808 | 0.03 | CVE-2022-2214 |
| 10 | Itech Movie Portal Script film-rating.php Error sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00910 | 0.14 | CVE-2017-20143 |
| 11 | SourceCodester Employee Task Management System admin-manage-user.php redirect | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.02 | CVE-2024-2569 |
| 12 | QNAP QuMagie sql injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00074 | 0.00 | CVE-2023-41284 |
| 13 | Multi-Vendor Online Groceries Management System view_product.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00370 | 0.02 | CVE-2022-26632 |
| 14 | PaperCut MF/NG libsmb2 access control | 9.8 | 9.7 | $0-$5k | $0-$5k | High | Official Fix | 0.96782 | 0.04 | CVE-2023-27350 |
| 15 | Papercut NG/MF path traversal | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.92386 | 0.02 | CVE-2023-39143 |
| 16 | Papercut NG/MF Script code injection | 7.2 | 7.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00064 | 0.00 | CVE-2023-39469 |
| 17 | Papercut NG unrestricted upload | 7.4 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00135 | 0.00 | CVE-2023-3486 |
| 18 | Papercut NG XMLRPC improper authentication | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01821 | 0.04 | CVE-2023-4568 |
| 19 | Pivotal Spring Framework deserialization | 9.8 | 9.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01008 | 0.00 | CVE-2016-1000027 |
| 20 | SourceCodester Online Food Ordering System view_prod.php sql injection | 6.7 | 6.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00206 | 0.05 | CVE-2023-0303 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 78.142.0.42 | | HomuWitch | | 03/19/2024 | verified | Very High |
| 2 | XX.XXX.XXX.XXX | xxxxx-xxxxx.xxxx.xxxxxxx | Xxxxxxxxx | | 03/19/2024 | verified | Very High |
| 3 | XXX.XXX.XX.XX | xx.xx.xxx.xxx.xx.xxx.xx | Xxxxxxxxx | | 03/19/2024 | verified | Very High |
| 4 | XXX.XXX.XXX.XXX | | Xxxxxxxxx | | 03/19/2024 | verified | Very High |

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (19)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin-manage-user.php | predictive | High |
| 2 | File | /film-rating.php | predictive | High |
| 3 | File | /librarian/bookdetails.php | predictive | High |
| 4 | File | /xxxxxxxx/xxxx_xxxxxxx.xxx | predictive | High |
| 5 | File | /xxxx/xxxxxxxxx | predictive | High |
| 6 | File | xxxxx/xxxxxxxx/xxxx_xxxxxxx.xxx | predictive | High |
| 7 | File | xxxxxxx/xxxx-xxxxx-xxxxxx.xxx | predictive | High |
| 8 | File | xxxxxxx/xxxx-xxxxx-xxxxxx.xxx?xxxxxx=x | predictive | High |
| 9 | File | xxx_xxxxxx.xxx | predictive | High |
| 10 | File | xxxx.xxx | predictive | Medium |
| 11 | File | xxxx_xxxx.xxx | predictive | High |
| 12 | Library | /xxxxxxxxxx/xxxxxx.x | predictive | High |
| 13 | Library | xxxxxxx.xxx | predictive | Medium |
| 14 | Argument | xxx | predictive | Low |
| 15 | Argument | xxxxxx | predictive | Low |
| 16 | Argument | xxxxxxxxxxxx | predictive | Medium |
| 17 | Argument | xx | predictive | Low |
| 18 | Argument | xxxxx/xxx | predictive | Medium |
| 19 | Input Value | ' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxx | predictive | High |
