Witchetty Analysis

Activities

Timeline

Analysis of the timeline helps to identify the required approach to handling single vulnerabilities and vulnerability collections. The overview makes less important slices and more severe hotspots visible at a glance, so that immediate vulnerability response can be initiated and issues prioritized.

Language

en: 145
zh: 10
fr: 4
ru: 1
ar: 1

Country

us: 49
cn: 24
ru: 4
ce: 4
au: 3


Vulnerabilities

# | Vulnerability | CVSS Base | CVSS Temp | 0-day price | Today price | Exploitability | Remediation | CTI | EPSS | CVE
---|---|---|---|---|---|---|---|---|---|---
1 | Microsoft Exchange Server ProxyShell Remote Code Execution | 9.5 | 8.2 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.31 | 0.61804 | CVE-2021-34473
2 | VeronaLabs wp-statistics Plugin API Endpoint Blind SQL injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00954 | CVE-2019-13275
3 | OpenProject Activities API SQL injection | 7.7 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.93596 | CVE-2019-11600
4 | Microsoft Windows Active Directory Domain Services Privilege Escalation | 8.8 | 8.1 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.12 | 0.02288 | CVE-2022-26923
5 | QNAP QTS Media Library access control | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official Fix | 0.05 | 0.23043 | CVE-2017-13067
6 | WordPress SQL injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.23 | 0.01034 | CVE-2022-21664
7 | Cougar LG lg.cgi cross site scripting | 5.2 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.01213 | CVE-2014-3926
8 | Samurai Build File util.c canonpath out-of-bounds write | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2019-19795
9 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192
10 | Phpsugar PHP Melody page_manager.php cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2017-15648
11 | Joomla CMS SQL injection | 7.3 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.08 | 0.93264 | CVE-2015-7297
12 | OPW Fuel Management Systems SiteSentinel Integra 100 SQL injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00885 | CVE-2017-12731
13 | SiteServer CMS SQL injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00890 | CVE-2021-42655
14 | SiteServer CMS unrestricted upload | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.02509 | CVE-2021-42654
15 | wp-polls Plugin SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2015-9352
16 | WP Rocket Plugin path traversal | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00954 | CVE-2017-11658
17 | Horde Webmail Address Book Driver.php create injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00890 | CVE-2022-30287
18 | Webmin access control | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.66053 | CVE-2022-0824
19 | OpenSSH access control | 8.4 | 7.9 | $25k-$100k | $5k-$25k | Proof-of-Concept | Not Defined | 0.06 | 0.01547 | CVE-2008-1483
20 | Simple Real Estate Pack Plugin Setting cross site scripting | 2.4 | 2.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.00885 | CVE-2022-1646

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • LookBack

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Type | Confidence
---|---|---|---|---|---|---
1 | 5.252.176.3 | no-rdns.mivocloud.com | Witchetty | LookBack | verified | High
2 | XXX.XX.X.XXX | | Xxxxxxxxx | | verified | High
3 | XXX.XXX.XX.XX | xx-xxxx.xxxxxxxxx.xxx | Xxxxxxxxx | | verified | High
4 | XXX.XXX.XXX.XXX | xx-xxxx.xxxxxxxxx.xxx | Xxxxxxxxx | | verified | High

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (64)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
---|---|---|---|---
1 | File | /etc/openstack-dashboard/local_settings | predictive | High
2 | File | /rapi/read_url | predictive | High
3 | File | /wp-admin/admin-post.php?es_skip=1&option_name | predictive | High
4 | File | /wp-content/uploads/photo-gallery/ | predictive | High
5 | File | coders/png.c | predictive | Medium
6 | File | customoid.inc.php | predictive | High
7 | File | dapur/index.php | predictive | High
8 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
9 | File | xxxx_xxxxx.xxx | predictive | High
10 | File | xxxxx.xxx | predictive | Medium
11 | File | xxxxxx.xxx | predictive | Medium
12 | File | xxxxxxx/xxx/xxxxxxxx/xxx/xxxxx/xxx.x | predictive | High
13 | File | xx/xx-xx.x | predictive | Medium
14 | File | xxx/xxxx_xxxx.x | predictive | High
15 | File | xxxx_xxxxxx.x | predictive | High
16 | File | xxxx/xxxxxxx.x | predictive | High
17 | File | xxxxxxxx/xxxxx-xxxxxx-xxxx-xxxxxxx.xxx | predictive | High
18 | File | xxxxx.xxx?xxx=xxxx&xxx=xxxxxxxx | predictive | High
19 | File | xxxxxxxx/xxx_xxxx_xxxx.x | predictive | High
20 | File | xxxxxxxxxx.xxx | predictive | High
21 | File | xx.xxx | predictive | Low
22 | File | xxxx/xxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
23 | File | xxx/xxx.xxx | predictive | Medium
24 | File | xxx/xxxx/xxx_xxxxxx.x | predictive | High
25 | File | xxxx_xxxxxxx.xxx | predictive | High
26 | File | xxxx_xxxxx.xxx | predictive | High
27 | File | xxxxxx.x | predictive | Medium
28 | File | xxxx.xxx | predictive | Medium
29 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | High
30 | File | xxxx.xxx | predictive | Medium
31 | File | xxxxx/xxxxx.xxx | predictive | High
32 | File | xxxxxxxx.xxx | predictive | Medium
33 | File | xxxxx/xxx/xxxxxxx/xxxxxx.xxx | predictive | High
34 | File | xxxx.x | predictive | Low
35 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive | High
36 | File | xx/xxxxxx/xxxxx | predictive | High
37 | File | xxxxxxxxxx | predictive | Medium
38 | File | xxxxxxx/xxxxx.xxx | predictive | High
39 | File | xx-xxxxx/xxxx.xxx | predictive | High
40 | Argument | xxxx | predictive | Low
41 | Argument | xxxxxx_xxxx | predictive | Medium
42 | Argument | xxx | predictive | Low
43 | Argument | xxxxxxxxxxxxxxxxx | predictive | High
44 | Argument | xxxxxx_xx | predictive | Medium
45 | Argument | xxxxxx | predictive | Low
46 | Argument | xxxxxxx_xx/xxx/xxxxx_xx/_xx | predictive | High
47 | Argument | xx | predictive | Low
48 | Argument | xxxxx_xxxx | predictive | Medium
49 | Argument | xxxxxx/xxxxxx | predictive | High
50 | Argument | xxxxxxx | predictive | Low
51 | Argument | xxxxxx_xxxx | predictive | Medium
52 | Argument | xxxx_xxxxx | predictive | Medium
53 | Argument | xxx | predictive | Low
54 | Argument | xxx_xxxxxxxx | predictive | Medium
55 | Argument | xxxx_xxxxx | predictive | Medium
56 | Argument | xxxx_xx | predictive | Low
57 | Argument | xxxxxxxx_xxxxxxxx | predictive | High
58 | Argument | xxxxxxxxxxxxxxxxxxxxx | predictive | High
59 | Argument | xxxx | predictive | Low
60 | Argument | xxxx/xx/xxxx/xxx | predictive | High
61 | Input Value | .%xx.../.%xx.../ | predictive | High
62 | Input Value | xxxxxxxxxx | predictive | Medium
63 | Network Port | xxxx xxxx | predictive | Medium
64 | Network Port | xxx/xxx | predictive | Low
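The IOC table and the IOA table above are only useful once they are matched against telemetry. The following is an added example, not VulDB's code, that scans web access log lines for the one unmasked IOC (IP 5.252.176.3 and hostname no-rdns.mivocloud.com) and the seven unmasked File IOAs (#1 to #7); the masked entries are not used. Request targets are percent-decoded twice and dot-segments collapsed before matching, so a target such as `/static/..%252f..%252fetc/...` still hits the `/etc/openstack-dashboard/local_settings` indicator. The log lines are constructed for the example and are not real traffic; the query-parameter and parent-directory matching rules are this example's own design choices.

```python
"""Added example (not VulDB code): scan web access logs for the unmasked
IOC (#1) and IOA file indicators (#1-#7) from the tables above. Log lines
below are constructed for the example, not real traffic. Request targets
are percent-decoded twice and dot-segments collapsed before matching, so
encoded or double-encoded traversal cannot evade the path check."""
from __future__ import annotations
import ipaddress
import posixpath
import re
from urllib.parse import unquote, urlsplit

IOC_IPS = {ipaddress.ip_address("5.252.176.3")}      # IOC #1 (IP address)
IOC_HOSTS = {"no-rdns.mivocloud.com"}                # IOC #1 (hostname)
IOA_FILES = [                                        # IOA #1-#7, class File
    "/etc/openstack-dashboard/local_settings",
    "/rapi/read_url",
    "/wp-admin/admin-post.php?es_skip=1&option_name",  # parameters are part of the indicator
    "/wp-content/uploads/photo-gallery/",
    "coders/png.c",
    "customoid.inc.php",
    "dapur/index.php",
]
# Combined log format: client ident user [time] "method target proto" status bytes "referer" "ua"
LOG_RE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
                    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"')


def normalize_target(target: str) -> tuple[str, str]:
    """(normalized path, decoded query). Decoding twice turns '%252e%252e' into '..',
    which normpath then collapses; a trailing '/' is kept for directory indicators."""
    parts = urlsplit(target)
    decoded = unquote(unquote(parts.path)) or "/"
    path = posixpath.normpath(re.sub(r"/+", "/", decoded))
    if decoded.endswith("/") and not path.endswith("/"):
        path += "/"
    return path, unquote(unquote(parts.query))


def match_ioa(target: str) -> list[str]:
    """IOA file indicators present in the request. Absolute indicators must equal the
    path or be one of its parent directories; relative fragments may appear anywhere
    in it; every '&'-separated piece of an indicator's query string must be present."""
    path, query = normalize_target(target)
    hits = []
    for ind in IOA_FILES:
        ind_path, _, ind_query = ind.partition("?")
        if ind_path.startswith("/"):
            path_ok = path == ind_path or path.startswith(ind_path.rstrip("/") + "/")
        else:
            path_ok = ind_path in path
        query_ok = all(p in query for p in ind_query.split("&") if p)
        if path_ok and query_ok:
            hits.append(ind)
    return hits


def match_ioc(client: str, *fields: str) -> list[str]:
    """IOC hits: the client is an IOC address (or an already-resolved IOC hostname),
    or an IOC hostname appears in a field such as the referer or the decoded target."""
    hits = []
    try:
        if ipaddress.ip_address(client) in IOC_IPS:
            hits.append(client)
    except ValueError:
        if client.lower() in IOC_HOSTS:
            hits.append(client)
    for field in fields:
        hits.extend(h for h in IOC_HOSTS if h in field.lower())
    return hits


def scan(lines: list[str]) -> list[dict]:
    """One finding per log line that hits at least one IOC or IOA."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skipped, not silently treated as clean
        path, query = normalize_target(m["target"])
        ioa = match_ioa(m["target"])
        ioc = match_ioc(m["client"], path + "?" + query, m["referer"])
        if ioa or ioc:
            findings.append({"line": n, "client": m["client"], "ioa": ioa, "ioc": ioc})
    return findings


SAMPLE_LOG = [  # constructed sample lines (RFC 5737 test addresses plus IOC #1)
    '203.0.113.7 - - [10/Oct/2022:12:00:01 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '5.252.176.3 - - [10/Oct/2022:12:00:02 +0000] "GET /wp-admin/admin-post.php?es_skip=1&option_name=siteurl HTTP/1.1" 200 88 "-" "curl/7.68.0"',
    '198.51.100.9 - - [10/Oct/2022:12:00:03 +0000] "GET /static/..%252f..%252fetc/openstack-dashboard/local_settings HTTP/1.1" 403 0 "-" "python-requests/2.28"',
    '198.51.100.9 - - [10/Oct/2022:12:00:04 +0000] "POST /wp-content/uploads/photo-gallery/x.php HTTP/1.1" 200 12 "http://no-rdns.mivocloud.com/" "Mozilla/5.0"',
    '192.0.2.5 - - [10/Oct/2022:12:00:05 +0000] "GET /wp-admin/admin-post.php?action=save HTTP/1.1" 200 77 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

On the constructed sample, lines 2, 3 and 4 are reported: line 2 hits both the IOC address and IOA #3, line 3 hits IOA #1 only after the double-encoded traversal is normalized, and line 4 hits IOA #4 plus the IOC hostname in the referer. Line 5 requests the same admin-post.php endpoint as IOA #3 but without the indicator's parameters, so it is correctly not reported.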
