T1059.006: T1059.006
Essential information
- MITRE technique ID
T1059.006- Confidence
- 100/100
- Revoked
- No
- Published
- 09/03/2020 15:38
- Modified
- 27/03/2026 01:11
- Author / Source
- The MITRE Corporation
Aliases
Python
Platforms
windows macos linux ESXi
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | execution |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (55)
-
The MITRE Corporation Confidence 100
[Mustang Panda](https://attack.mitre.org/groups/G0129) is a China-based cyber espionage threat actor that has been conducting operations since at least 2012. [Mustang Panda](https://attack.mitre.org/groups/G0129) has been known to use tailored phishing lures…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Machete](https://attack.mitre.org/groups/G0095) is a suspected Spanish-speaking cyber espionage group that has been active since at least 2010. It has primarily focused its operations within Latin America, with a particular…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Matrix relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
North Korea relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
North Korean threat actors relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
PXA Stealer group relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
RansomHub relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
RedCurl relatedThe MITRE Corporation Confidence 100
[RedCurl](https://attack.mitre.org/groups/G1039) is a threat actor active since 2018 notable for corporate espionage targeting a variety of locations, including Ukraine, Canada and the United Kingdom, and a variety of…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Rocke relatedThe MITRE Corporation Confidence 100
[Rocke](https://attack.mitre.org/groups/G0106) is an alleged Chinese-speaking adversary whose primary objective appeared to be cryptojacking, or stealing victim system resources for the purposes of mining cryptocurrency. The name [Rocke](https://attack.mitre.org/groups/G0106) comes…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Russian-speaking threat actor relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
SHADOW-VOID-044 relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[APT38](https://attack.mitre.org/groups/G0082) is a North Korean state-sponsored threat group that specializes in financial cyber operations; it has been attributed to the Reconnaissance General Bureau.(Citation: CISA AA20-239A BeagleBoyz August 2020)…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (79)
-
VenomRAT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
redux-ace usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
RELOADEXT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Pyramid C2 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
DownTroy usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
UPSTYLE usesFamily The MITRE Corporation Confidence 100
[UPSTYLE](https://attack.mitre.org/software/S1164) is a Python-based backdoor associated with exploitation of Palo Alto firewalls using CVE-2024-3400 in early 2024. [UPSTYLE](https://attack.mitre.org/software/S1164) has only been observed in relation to this exploitation activity,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
graphflux usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
SUNSPINNER usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Rhadamanthys usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Kryptina usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
RustDoor usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AGENTPSD usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (50)
-
5 CVEs 14 MITREs 2 Malwares 5 Observables
-
AlienVault Confidence 100 19 MITREs 2 Malwares 1 IOC 1 Observable 1 APT
-
Latest PyPi Compromise relatedAlienVault Confidence 100 20 MITREs 3 Malwares 9 IOCs 9 Observables 1 APT
-
17 MITREs 1 Observable 1 APT
-
20 MITREs 1 Malware 2 Observables
-
AlienVault Confidence 100 5 CVEs 24 MITREs 2 Malwares 4 IOCs 4 Observables
-
AlienVault Confidence 100 16 MITREs 1 Malware 10 IOCs 10 Observables 1 APT
-
3 CVEs 22 MITREs 5 Malwares 16 Observables 1 APT
-
AlienVault Confidence 100 20 MITREs 4 IOCs 4 Observables
-
20 MITREs 4 Malwares 7 Observables 1 APT
-
AlienVault Confidence 100 19 MITREs 2 Malwares 14 IOCs 14 Observables 1 APT
-
AlienVault Confidence 100 17 MITREs 1 Malware 9 IOCs 9 Observables 1 APT
Vulnerabilities (CVE) (49)
Realtek SDK contains an improper input validation vulnerability in the miniigd SOAP service that allows remote attackers to execute malicious code via …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/05/2015
- Modified
- 22/04/2026
Course Of Action (1)
-
Audit mitigates
Tool (1)
-
Pupy usesThe MITRE Corporation Confidence 100
[Pupy](https://attack.mitre.org/software/S0192) is an open source, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool. (Citation: GitHub Pupy) It is written in Python and can be generated as…