AhMyth Analysis

IOB - Indicator of Behavior (204)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 174
ru: 10
zh: 8
es: 4
de: 2

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

SourceCodester Prison Management System: 10
PHP: 8
Clinics Patient Management System: 4
WordPress: 4
Tenda CP3: 4

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $10k-$25k | Calculating | High | Workaround | possible | 0.02956 | 0.00 | CVE-2007-1192 |
| 2 | Zyxel NAS326/NAS542 Web Server os command injection | 9.8 | 9.8 | $5k-$10k | $5k-$10k | Not defined | Not defined | possible | 0.39942 | 0.00 | CVE-2023-4473 |
| 3 | Linux Kernel fbcon vt.c KD_FONT_OP_COPY out-of-bounds | 5.0 | 4.8 | $2k-$5k | $0-$1k | Not defined | Official fix | | 0.00096 | 0.02 | CVE-2020-28974 |
| 4 | H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request setsyncpppoecfg FCGI_WizardProtoProcess command injection | 8.0 | 7.6 | $2k-$5k | $0-$1k | Proof-of-Concept | Official fix | | 0.01298 | 0.23 | CVE-2025-3543 |
| 5 | PHPGurukul Online Notes Sharing System manage-notes.php cross-site request forgery | 4.3 | 4.1 | $1k-$2k | $0-$1k | Proof-of-Concept | Not defined | | 0.00124 | 0.00 | CVE-2023-7051 |
| 6 | YzmCMS Member User add.html cross-site request forgery | 3.5 | 3.5 | $0-$1k | $0-$1k | Not defined | Not defined | | 0.00141 | 0.00 | CVE-2020-35972 |
| 7 | yzmCMS login.html cross site scripting | 3.5 | 3.5 | $0-$1k | $0-$1k | Not defined | Not defined | | 0.00346 | 0.00 | CVE-2020-18084 |
| 8 | CKFinder File Name unrestricted upload | 7.4 | 7.4 | $1k-$2k | $0-$1k | Not defined | Not defined | | 0.00247 | 0.08 | CVE-2019-15862 |
| 9 | Cisco IOS XE Web UI unprotected alternate channel | 9.9 | 9.8 | $25k-$50k | $5k-$10k | High | Official fix | verified | 0.94349 | 0.00 | CVE-2023-20198 |
| 10 | jforum username User input validation | 5.3 | 5.3 | $1k-$2k | $0-$1k | Not defined | Not defined | | 0.00443 | 0.15 | CVE-2019-7550 |
| 11 | Oracle JavaFX Remote Code Execution | 9.8 | 8.8 | $10k-$25k | $0-$1k | Proof-of-Concept | Official fix | | 0.01178 | 0.00 | CVE-2013-1477 |
| 12 | Mavili Guestbook access control | 5.3 | 5.3 | $2k-$5k | $0-$1k | Not defined | Not defined | | 0.00294 | 0.06 | CVE-2012-5298 |
| 13 | Mavili Guestbook edit.asp access control | 7.3 | 7.3 | $2k-$5k | $0-$1k | Not defined | Not defined | | 0.00595 | 0.05 | CVE-2012-5299 |
| 14 | Saphp SaphpLesson misc.php sql injection | 7.3 | 7.3 | $2k-$5k | $0-$1k | Not defined | Unavailable | | 0.00421 | 0.03 | CVE-2006-3161 |
| 15 | Microsoft Forefront Threat Management Gateway NSPLookupServiceNext memory corruption | 9.9 | 9.6 | $10k-$25k | $0-$1k | High | Official fix | verified | 0.88151 | 0.08 | CVE-2011-1889 |
| 16 | eSyndicat Directory Software suggest-listing.php cross site scripting | 3.5 | 3.5 | $1k-$2k | $0-$1k | Not defined | Not defined | | 0.00000 | 1.69 | |
| 17 | Ubiquiti U6-LR shadow hard-coded password | 8.6 | 8.6 | $1k-$2k | $1k-$2k | Not defined | Not defined | | 0.00096 | 0.07 | CVE-2024-54750 |
| 18 | mooveagency GDPR Cookie Compliance Plugin cross site scripting | 3.4 | 3.4 | $0-$1k | $0-$1k | Not defined | Not defined | | 0.00034 | 0.05 | CVE-2025-2205 |
| 19 | OpenVPN Server Mode unusual condition | 3.7 | 3.7 | $2k-$5k | $1k-$2k | Not defined | Not defined | | 0.00096 | 0.00 | CVE-2025-2704 |
| 20 | Next.js _error.js redirect | 5.0 | 4.8 | $1k-$2k | $0-$1k | Not defined | Official fix | | 0.00373 | 0.09 | CVE-2021-37699 |

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 51.20.2.165 | ec2-51-20-2-165.eu-north-1.compute.amazonaws.com | AhMyth | | 12/06/2024 | verified | High |
| 2 | 87.119.220.245 | | AhMyth | | 03/09/2024 | verified | High |
| 3 | XX.XXX.XXX.XXX | xx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx | Xxxxxx | | 03/23/2025 | verified | High |
| 4 | XXX.XX.XX.XXX | | Xxxxxx | | 12/06/2024 | verified | Very High |
| 5 | XXX.XXX.XXX.XXX | | Xxxxxx | | 02/09/2025 | verified | Very High |
| 6 | XXX.XXX.XXX.XXX | xxxxxxx.xxx | Xxxxxx | | 03/10/2025 | verified | Very High |
| 7 | XXX.XX.XXX.XXX | xxxx-xxx.xx.xxx.xxx.xxxxxx.xxx | Xxxxxx | | 03/21/2025 | verified | Very High |
| 8 | XXX.XXX.XX.XXX | | Xxxxxx | | 12/06/2024 | verified | Very High |

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (142)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /#ProductSerie/view/ | predictive | High |
| 2 | File | //proc/kcore | predictive | Medium |
| 3 | File | /api/wizard/setsyncpppoecfg | predictive | High |
| 4 | File | /cgi-bin/cstecgi.cgi | predictive | High |
| 5 | File | /donor-wall | predictive | Medium |
| 6 | File | /etc/shadow | predictive | Medium |
| 7 | File | /forum/away.php | predictive | High |
| 8 | File | /inc/jquery/uploadify/uploadify.php | predictive | High |
| 9 | File | /inc/parser/xhtml.php | predictive | High |
| 10 | File | /include/makecvs.php | predictive | High |
| 11 | File | /index/ajax/lang | predictive | High |
| 12 | File | /member/index/login.html | predictive | High |
| 13 | File | /member/myfriend.php | predictive | High |
| 14 | File | /member/reg.asp | predictive | High |
| 15 | File | /model/__lang_msg.php | predictive | High |
| 16 | File | /pms/admin/actions/view_action.php | predictive | High |
| 17 | File | /pms/admin/cells/view_cell.php | predictive | High |
