Witchetty Analysis

IOB - Indicator of Behavior (249)

Language

  • en: 218
  • zh: 18
  • ru: 6
  • fr: 4
  • es: 2

Campaign country

  • us: 92
  • cn: 68
  • ru: 8
  • ua: 4
  • ce: 4

Product

  • WordPress: 6
  • Microsoft Windows: 6
  • QNAP QTS: 4
  • Palo Alto PAN-OS: 4
  • Linksys WRT54GL: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE
1 | Atmail Remote Code Execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00251 | 0.04 | CVE-2013-5033
2 | Palo Alto PAN-OS GlobalProtect Clientless VPN buffer overflow | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00112 | 0.03 | CVE-2021-3056
3 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.04 | CVE-2022-21664
4 | Microsoft Exchange Server ProxyShell Remote Code Execution | 9.5 | 8.2 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.97319 | 0.00 | CVE-2021-34473
5 | VeronaLabs wp-statistics Plugin API Endpoint Blind sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00250 | 0.00 | CVE-2019-13275
6 | Linksys WRT54GL Web Management Interface SysInfo1.htm information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00046 | 0.04 | CVE-2024-1406
7 | Teclib GLPI unlock_tasks.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.12149 | 0.08 | CVE-2019-10232
8 | Sophos Firewall User Portal/Webadmin weak authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.97434 | 0.08 | CVE-2022-1040
9 | CutePHP CuteNews privilege escalation | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02107 | 0.08 | CVE-2019-11447
10 | WordPress Object privilege escalation | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00432 | 0.08 | CVE-2022-21663
11 | OpenProject Activities API sql injection | 7.7 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.96307 | 0.04 | CVE-2019-11600
12 | Microsoft Windows Active Directory Domain Services Privilege Escalation | 8.8 | 8.1 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.07084 | 0.02 | CVE-2022-26923
13 | QNAP QTS Media Library privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official Fix | 0.01575 | 0.03 | CVE-2017-13067
14 | Cougar LG lg.cgi cross site scripting | 5.2 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00327 | 0.04 | CVE-2014-3926
15 | Samurai Build File util.c canonpath buffer overflow | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00085 | 0.07 | CVE-2019-19795
16 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
17 | Phpsugar PHP Melody page_manager.php cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00083 | 0.00 | CVE-2017-15648
18 | RealNetworks RealServer Port 7070 Service denial of service | 7.5 | 7.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.02116 | 0.08 | CVE-2000-0272
19 | Microsoft Windows Themes information disclosure | 5.9 | 5.6 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00064 | 0.04 | CVE-2024-21320
20 | Microsoft IIS weak authentication | 8.1 | 7.7 | $25k-$100k | $0-$5k | High | Official Fix | 0.08522 | 0.00 | CVE-2009-1122

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • LookBack

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 5.252.176.3 | no-rdns.mivocloud.com | Witchetty | LookBack | 03/10/2022 | verified | High
2 | XXX.XX.X.XXX | | Xxxxxxxxx | | 03/10/2022 | verified | High
3 | XXX.XXX.XX.XX | xx-xxxx.xxxxxxxxx.xxx | Xxxxxxxxx | | 03/10/2022 | verified | High
4 | XXX.XXX.XXX.XXX | xx-xxxx.xxxxxxxxx.xxx | Xxxxxxxxx | | 03/10/2022 | verified | High

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access vector | Type | Confidence
1 | T1006 | CWE-22, CWE-23 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CWE-94 | Argument Injection | predictive | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
5 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
6 | TXXXX.XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
7 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
8 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
9 | TXXXX | CWE-XXX | Xxxxxxxx Xx Xxxx Xxxxxxx Xxxxxxxxx Xxxxx | predictive | High
10 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
11 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High
12 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
13 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
14 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
15 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
16 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High
17 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (99)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /api/RecordingList/DownloadRecord?file= | predictive | High
2 | File | /apply.cgi | predictive | Medium
3 | File | /etc/openstack-dashboard/local_settings | predictive | High
4 | File | /php/ping.php | predictive | High
5 | File | /rapi/read_url | predictive | High
6 | File | /scripts/unlock_tasks.php | predictive | High
7 | File | /SysInfo1.htm | predictive | High
8 | File | /sysinfo_json.cgi | predictive | High
9 | File | /system/user/modules/mod_users/controller.php | predictive | High
10 | File | /uncpath/ | predictive | Medium
11 | File | /wp-admin/admin-post.php?es_skip=1&option_name | predictive | High
12 | File | /xx-xxxxxxx/xxxxxxx/xxxxx-xxxxxxx/ | predictive | High
13 | File | xxxxxxx/xxxx.xxx | predictive | High
14 | File | xxxx/xxx/xxx/xxx/xxxxxx.x | predictive | High
15 | File | xxxxxx/xxx.x | predictive | Medium
16 | File | xxxxxxxxx.xxx.xxx | predictive | High
17 | File | xxxxx/xxxxx.xxx | predictive | High
18 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
19 | File | xxxx_xxxxx.xxx | predictive | High
20 | File | xxxxx.xxx | predictive | Medium
21 | File | xxxxxx.xxx | predictive | Medium
22 | File | xxxxxxx/xxx/xxxxxxxx/xxx/xxxxx/xxx.x | predictive | High
23 | File | xx/xx-xx.x | predictive | Medium
24 | File | xxx/xxxx_xxxx.x | predictive | High
25 | File | xxxxxx/xxxxxxxxxxx | predictive | High
26 | File | xxxx_xxxxxx.x | predictive | High
27 | File | xxxx/xxxxxxx.x | predictive | High
28 | File | xxxxxxxx/xxxxx-xxxxxx-xxxx-xxxxxxx.xxx | predictive | High
29 | File | xxxxxxxx/xxxxxxxx/xxxxx-xxxxxxxx-xxxxx.xxx | predictive | High
30 | File | xxxxx.xxx?xxx=xxxx&xxx=xxxxxxxx | predictive | High
31 | File | xxxxxxxx/xxx_xxxx_xxxx.x | predictive | High
32 | File | xxxxxxxxxx.xxx | predictive | High
33 | File | xx.xxx | predictive | Low
34 | File | xxxxx.xxx | predictive | Medium
35 | File | xxxx/xxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
36 | File | xxx/xxx.xxx | predictive | Medium
37 | File | xxx/xxxx/xxx_xxxxxx.x | predictive | High
38 | File | xxxx_xxxxxxx.xxx | predictive | High
39 | File | xxxx_xxxxx.xxx | predictive | High
40 | File | xxxxxx.x | predictive | Medium
41 | File | xxxx.xxx | predictive | Medium
42 | File | xxxxx.xxx | predictive | Medium
43 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | High
44 | File | xxxxxxxx.xxx | predictive | Medium
45 | File | xxxx.xxx | predictive | Medium
46 | File | xxxxx/xxxxx.xxx | predictive | High
47 | File | xxxxxxxx.xxx | predictive | Medium
48 | File | xxxxxxxxx.xxx | predictive | High
49 | File | xxxxx/xxx/xxxxxxx/xxxxxx.xxx | predictive | High
50 | File | xxxx.x | predictive | Low
51 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive | High
52 | File | xx/xxxxxx/xxxxx | predictive | High
53 | File | xxxxxxxxxx | predictive | Medium
54 | File | xxxxxxx/xxxxx.xxx | predictive | High
55 | File | xx-xxxxx/xxxx.xxx | predictive | High
56 | Argument | xxxxxx | predictive | Low
57 | Argument | xxxx | predictive | Low
58 | Argument | xxxxxxx_xxxx | predictive | Medium
59 | Argument | xxxxxx_xxxx | predictive | Medium
60 | Argument | xxx | predictive | Low
61 | Argument | xxxxxxxxxxxxxxxxx | predictive | High
62 | Argument | xxxxx | predictive | Low
63 | Argument | xxxxxxxxxxx/xxxxxxxx/xxx/xxxxx | predictive | High
64 | Argument | xxxxxx_xx | predictive | Medium
65 | Argument | xxxxxx | predictive | Low
66 | Argument | xxxxxxx_xx/xxx/xxxxx_xx/_xx | predictive | High
67 | Argument | xxxx | predictive | Low
68 | Argument | xxxx | predictive | Low
69 | Argument | xx | predictive | Low
70 | Argument | xxxxx_xxxx | predictive | Medium
71 | Argument | xxxxxx/xxxxxx | predictive | High
72 | Argument | xxxxxxxx[xx] | predictive | Medium
73 | Argument | xxxxxxx | predictive | Low
74 | Argument | xxx_xxxx | predictive | Medium
75 | Argument | xxxxxx_xxxx | predictive | Medium
76 | Argument | xxxx_xxxxx | predictive | Medium
77 | Argument | xxxxxxxx | predictive | Medium
78 | Argument | xxx | predictive | Low
79 | Argument | xxx_xxxxxxxx | predictive | Medium
80 | Argument | xxxx_xxxxx | predictive | Medium
81 | Argument | xxxxxxx/xxxxx | predictive | High
82 | Argument | xxxxxx_xxx | predictive | Medium
83 | Argument | xxxx_xx | predictive | Low
84 | Argument | xxxxxxxx_xxxxxxxx | predictive | High
85 | Argument | xxxxxxxxxxxxxxxxxxxxx | predictive | High
86 | Argument | xxxx_xx | predictive | Low
87 | Argument | xxx | predictive | Low
88 | Argument | xxxx | predictive | Low
89 | Argument | xxxxxxxx | predictive | Medium
90 | Argument | xxxx/xx/xxxx/xxx | predictive | High
91 | Input Value | .%xx.../.%xx.../ | predictive | High
92 | Input Value | ../../../../../xxx/xxx/xxxxx/xxxx/xxxxxxxx/xxxxx/xxx.xxx | predictive | High
93 | Input Value | xxxxxxx -xxx | predictive | Medium
94 | Input Value | xxxxxxxxxx | predictive | Medium
95 | Network Port | xxxx | predictive | Low
96 | Network Port | xxxx | predictive | Low
97 | Network Port | xxxx xxxx | predictive | Medium
98 | Network Port | xxx/xxx | predictive | Low
99 | Network Port | xxx/xxxx | predictive | Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities: