T1059.006: T1059.006
Essential information
- MITRE technique ID
T1059.006- Confidence
- 100/100
- Revoked
- No
- Published
- 09/03/2020 15:38
- Modified
- 27/03/2026 01:11
- Author / Source
- The MITRE Corporation
Aliases
Python
Platforms
windows macos linux ESXi
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | execution |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (55)
-
The MITRE Corporation Confidence 100
[Mustang Panda](https://attack.mitre.org/groups/G0129) is a China-based cyber espionage threat actor that has been conducting operations since at least 2012. [Mustang Panda](https://attack.mitre.org/groups/G0129) has been known to use tailored phishing lures…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Machete](https://attack.mitre.org/groups/G0095) is a suspected Spanish-speaking cyber espionage group that has been active since at least 2010. It has primarily focused its operations within Latin America, with a particular…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Matrix relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
North Korea relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
North Korean threat actors relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
PXA Stealer group relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
RansomHub relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
RedCurl relatedThe MITRE Corporation Confidence 100
[RedCurl](https://attack.mitre.org/groups/G1039) is a threat actor active since 2018 notable for corporate espionage targeting a variety of locations, including Ukraine, Canada and the United Kingdom, and a variety of…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Rocke relatedThe MITRE Corporation Confidence 100
[Rocke](https://attack.mitre.org/groups/G0106) is an alleged Chinese-speaking adversary whose primary objective appeared to be cryptojacking, or stealing victim system resources for the purposes of mining cryptocurrency. The name [Rocke](https://attack.mitre.org/groups/G0106) comes…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Russian-speaking threat actor relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
SHADOW-VOID-044 relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[APT38](https://attack.mitre.org/groups/G0082) is a North Korean state-sponsored threat group that specializes in financial cyber operations; it has been attributed to the Reconnaissance General Bureau.(Citation: CISA AA20-239A BeagleBoyz August 2020)…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (79)
-
VenomRAT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
redux-ace usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
RELOADEXT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Pyramid C2 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
DownTroy usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
UPSTYLE usesFamily The MITRE Corporation Confidence 100
[UPSTYLE](https://attack.mitre.org/software/S1164) is a Python-based backdoor associated with exploitation of Palo Alto firewalls using CVE-2024-3400 in early 2024. [UPSTYLE](https://attack.mitre.org/software/S1164) has only been observed in relation to this exploitation activity,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
graphflux usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
SUNSPINNER usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Rhadamanthys usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Kryptina usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
RustDoor usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AGENTPSD usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (50)
-
AlienVault Confidence 100 20 MITREs 1 Malware 17 IOCs 4 Observables
-
AlienVault Confidence 100 19 MITREs 2 Malwares 1 IOC 1 Observable 1 APT
-
AlienVault Confidence 100 19 MITREs 3 Malwares 4 IOCs 1 APT
-
AlienVault Confidence 100 21 MITREs 1 Malware 2 IOCs 1 APT
-
AlienVault Confidence 100 15 MITREs 2 IOCs 2 Observables
-
AlienVault Confidence 100 19 MITREs 3 Malwares 2 IOCs 2 Observables
-
20 MITREs 4 Malwares 18 Observables 1 APT
-
19 MITREs 3 Malwares 32 Observables 1 APT
-
AlienVault Confidence 100 5 CVEs 20 MITREs 2 Malwares 18 IOCs 18 Observables
-
AlienVault Confidence 100 19 MITREs 32 IOCs 32 Observables 1 APT
-
Threat landscape — Belgium relatedConfidence 100 18 CVEs 200 MITREs 200 Malwares 20 APTs 26 Tools
-
Threat landscape — insurance relatedConfidence 100 199 MITREs 11 APTs
Vulnerabilities (CVE) (49)
Realtek SDK contains an improper input validation vulnerability in the miniigd SOAP service that allows remote attackers to execute malicious code via …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/05/2015
- Modified
- 22/04/2026
Course Of Action (1)
-
Audit mitigates
Tool (1)
-
Pupy usesThe MITRE Corporation Confidence 100
[Pupy](https://attack.mitre.org/software/S0192) is an open source, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool. (Citation: GitHub Pupy) It is written in Python and can be generated as…