Wirte Analysis

IOB - Indicator of Behavior (241)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

  • en: 204
  • de: 12
  • ru: 10
  • fr: 10
  • ja: 6

Country

  • us: 158
  • gb: 8
  • me: 6
  • cn: 6
  • de: 2

Product

  • Microsoft Windows: 8
  • F5 BIG-IP: 4
  • Linux Kernel: 4
  • Photo Gallery by 10Web Plugin: 2
  • QNAP QuTScloud: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 2 | DataLife Engine addnews.html cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00056 | CVE-2018-14777 |
| 3 | Dahua IP Camera access control | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00101 | CVE-2017-7253 |
| 4 | Microsoft Windows Clipboard User Service Privilege Escalation | 7.2 | 6.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | 0.00043 | CVE-2022-21869 |
| 5 | eSyndicat Directory Software suggest-listing.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00000 | |
| 6 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | 0.00241 | CVE-2020-12440 |
| 7 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00289 | CVE-2019-7550 |
| 8 | Smart Slider 3 Plugin Imported File deserialization | 7.1 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00085 | CVE-2022-3357 |
| 9 | MariaDB untrusted search path | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01682 | CVE-2021-27928 |
| 10 | MariaDB mysql-wsrep wsrep_sst_method command injection | 6.3 | 6.0 | $0-$5k | Calculating | Not Defined | Official Fix | 0.02 | 0.00858 | CVE-2020-15180 |
| 11 | Yii unserialize deserialization | 7.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.02822 | CVE-2020-15148 |
| 12 | Linux Kernel dfl-afu-region.c afu_mmio_region_get_by_offset integer overflow | 6.6 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00042 | CVE-2023-26242 |
| 13 | AssoCIateD Postman X.509 Certificate Validation certificate validation | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00245 | CVE-2018-17215 |
| 14 | WordPress path traversal | 5.7 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00326 | CVE-2023-2745 |
| 15 | ImageMagick command injection | 7.0 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.00043 | CVE-2023-34153 |
| 16 | ImageMagick OpenBlob command injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00386 | CVE-2023-34152 |
| 17 | Reolink RLC-410W Firmware Update Privilege Escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00149 | CVE-2021-40419 |
| 18 | Dahua IPC-HDBW2XXX/IPC-HFW2XXX/ASI7XXXX ONVIF authentication replay | 7.8 | 7.6 | $0-$5k | Calculating | Not Defined | Official Fix | 0.01 | 0.00135 | CVE-2022-30563 |
| 19 | Dahua DH-IPC-Hxxxxxxxxx Authentication hard-coded credentials | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.03148 | CVE-2017-7927 |
| 20 | Dahua IPC-HDW1X2X IP Address information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00084 | CVE-2019-9680 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Middle East

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (60)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /addnews.html | predictive | High |
| 2 | File | /admin.php/pic/admin/type/pl_save | predictive | High |
| 3 | File | /churchcrm/WhyCameEditor.php | predictive | High |
| 4 | File | /example/editor | predictive | High |
| 5 | File | /goform/aspForm | predictive | High |
| 6 | File | /index.php?page=search/rentals | predictive | High |
| 7 | File | /members/view_member.php | predictive | High |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
