T1059.006: T1059.006
Essential information
- MITRE technique ID
T1059.006- Confidence
- 100/100
- Revoked
- No
- Published
- 09/03/2020 15:38
- Modified
- 27/03/2026 01:11
- Author / Source
- The MITRE Corporation
Aliases
Python
Platforms
windows macos linux ESXi
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | execution |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (55)
-
DriveSurge usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Larva-24010 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Slow Pisces usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Water Saci usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Transparent Tribe](https://attack.mitre.org/groups/G0134) is a suspected Pakistan-based threat group that has been active since at least 2013, primarily targeting diplomatic, defense, and research organizations in India and Afghanistan.(Citation: Proofpoint…
First seen 01/01/1970 · Last seen 16/11/5138 · -
ValleyRAT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
FAMOUS CHOLLIMA usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
APT-C-00 (OceanLotus) relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[ZIRCONIUM](https://attack.mitre.org/groups/G0128) is a threat group operating out of China, active since at least 2017, that has targeted individuals associated with the 2020 US presidential election and prominent leaders…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[APT32](https://attack.mitre.org/groups/G0050) is a suspected Vietnam-based threat group that has been active since at least 2014. The group has targeted multiple private sector industries as well as foreign governments,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[APT39](https://attack.mitre.org/groups/G0087) is one of several names for cyber espionage activity conducted by the Iranian Ministry of Intelligence and Security (MOIS) through the front company Rana Intelligence Computing since…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Astaroth relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (79)
-
VenomRAT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
redux-ace usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
RELOADEXT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Pyramid C2 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
DownTroy usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
UPSTYLE usesFamily The MITRE Corporation Confidence 100
[UPSTYLE](https://attack.mitre.org/software/S1164) is a Python-based backdoor associated with exploitation of Palo Alto firewalls using CVE-2024-3400 in early 2024. [UPSTYLE](https://attack.mitre.org/software/S1164) has only been observed in relation to this exploitation activity,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
graphflux usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
SUNSPINNER usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Rhadamanthys usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Kryptina usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
RustDoor usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AGENTPSD usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (50)
-
21 MITREs 2 Malwares 41 Observables 1 APT
-
26 MITREs 2 Malwares 19 Observables
-
21 MITREs 1 Malware 3 Observables
-
11 MITREs 2 Malwares 6 Observables 1 APT
-
1 CVE 14 MITREs 1 Malware 3 Observables
-
17 MITREs 5 Malwares 23 Observables
-
1 CVE 19 MITREs 7 Malwares 21 Observables 1 APT
-
12 MITREs 3 Observables
-
1 CVE 10 MITREs 1 Malware 4 Observables
-
9 MITREs 5 Malwares 9 Observables
-
7 MITREs 3 Malwares 8 Observables 1 APT
-
14 MITREs 1 Malware 27 Observables
Vulnerabilities (CVE) (49)
Realtek SDK contains an improper input validation vulnerability in the miniigd SOAP service that allows remote attackers to execute malicious code via …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/05/2015
- Modified
- 22/04/2026
Course Of Action (1)
-
Audit mitigates
Tool (1)
-
Pupy usesThe MITRE Corporation Confidence 100
[Pupy](https://attack.mitre.org/software/S0192) is an open source, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool. (Citation: GitHub Pupy) It is written in Python and can be generated as…