Witness encryption is essentially the same thing as hash proof systems (what some people call “smooth projective hash functions”), so we know quite a few examples.
The best-known one is probably the Cramer-Shoup SPHF, which can be seen as a witness encryption scheme with respect to the NP language of Diffie-Hellman pairs. Precisely, we have a cyclic group $G$ and consider the language $L\subset G\times G$ of pairs $(g^w, h^w)$, where $g,h$ are two given generators of $G$. One can then define an encryption of $m\in G$ with respect to an arbitrary pair $(u,v)\in G^2$ as $(c_0,c_1)=(g^rh^s,m\cdot u^rv^s)$ for random exponents $r,s$. If $(u,v)\notin L$ and the DDH assumption holds in $G$, it is easy to verify that $(g^rh^s, u^rv^s)$ is uniformly random in $G^2$, so $m$ is statistically hidden. On the other hand, if $(u,v)\in L$ and someone knows a witness to that fact, namely $(u,v)=(g^w,h^w)$ and one knows $w$, then it is easy to decrypt: one can simply recover $m$ as $c_1/c_0^w$. So we have a witness encryption scheme as required.
There are many more examples: SPHFs for the language of valid commitments in some suitable commitment scheme, etc.
Here is a very nice talk by Victor Shoup himself on the subject: https://www.youtube.com/watch?v=2aX-0E07Fpg
