T1059.006: T1059.006
Essential information
- MITRE technique ID
T1059.006- Confidence
- 100/100
- Revoked
- No
- Published
- 09/03/2020 15:38
- Modified
- 27/03/2026 01:11
- Author / Source
- The MITRE Corporation
Aliases
Python
Platforms
windows macos linux ESXi
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | execution |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (55)
-
SVF Team relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[Star Blizzard](https://attack.mitre.org/groups/G1033) is a cyber espionage and influence group originating in Russia that has been active since at least 2019. [Star Blizzard](https://attack.mitre.org/groups/G1033) campaigns align closely with Russian state…
First seen 01/01/1970 · Last seen 16/11/5138 · -
StormBamboo relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Sukob relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
TA415 relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
TA4557/FIN6 relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
TeamPCP relatedAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (79)
-
CookieMiner usesFamily The MITRE Corporation Confidence 100
[CookieMiner](https://attack.mitre.org/software/S0492) is mac-based malware that targets information associated with cryptocurrency exchanges as well as enabling cryptocurrency mining on the victim system itself. It was first discovered in the…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Qilin usesThe MITRE Corporation Confidence 100
[Qilin](https://attack.mitre.org/software/S1242) ransomware is a Ransomware-as-a-Service (RaaS) that has been active since at least 2022 with versions written in Golang and Rust that are capable of targeting Windows or…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Metasploit usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
BRICKSTORM usesAlienVault Confidence 100
[BRICKSTORM](https://attack.mitre.org/software/S9015) is a cross-platform backdoor with variants written in Go and Rust that facilitates command and control, the ingress transfer of other malware, and the exfiltration of data.(Citation:…
First seen 01/01/1970 · Last seen 16/11/5138 · -
CanisterWorm usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Shahmaran usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
bigmathex usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
BibiWiper usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
WeaselStore usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
LockBit usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Keydnap usesFamily The MITRE Corporation Confidence 100
This piece of malware steals the content of the user's keychain while maintaining a permanent backdoor (Citation: OSX Keydnap malware).
First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (50)
-
AlienVault Confidence 100 18 MITREs 2 Malwares 16 IOCs 16 Observables
-
Miasma Worm Returns to npm relatedAlienVault Confidence 100 18 MITREs 1 Malware 5 IOCs 5 Observables
-
AlienVault Confidence 100 20 MITREs 1 Malware 17 IOCs 4 Observables
-
AlienVault Confidence 100 19 MITREs 2 Malwares 1 IOC 1 Observable 1 APT
-
AlienVault Confidence 100 19 MITREs 3 Malwares 4 IOCs 1 APT
-
AlienVault Confidence 100 21 MITREs 1 Malware 2 IOCs 1 APT
-
AlienVault Confidence 100 15 MITREs 2 IOCs 2 Observables
-
AlienVault Confidence 100 19 MITREs 3 Malwares 2 IOCs 2 Observables
-
20 MITREs 4 Malwares 18 Observables 1 APT
-
19 MITREs 3 Malwares 32 Observables 1 APT
-
AlienVault Confidence 100 5 CVEs 20 MITREs 2 Malwares 18 IOCs 18 Observables
-
AlienVault Confidence 100 19 MITREs 32 IOCs 32 Observables 1 APT
Vulnerabilities (CVE) (49)
Realtek SDK contains an improper input validation vulnerability in the miniigd SOAP service that allows remote attackers to execute malicious code via …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 01/05/2015
- Modified
- 22/04/2026
Course Of Action (1)
-
Audit mitigates
Tool (1)
-
Pupy usesThe MITRE Corporation Confidence 100
[Pupy](https://attack.mitre.org/software/S0192) is an open source, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool. (Citation: GitHub Pupy) It is written in Python and can be generated as…