#T1059.006 Python

Technique

  • Tactics: Execution
  • Description:

    Adversaries may abuse Python commands and scripts for execution. Python is a very popular scripting/programming language, with capabilities to perform many functions. Python can be executed interactively from the command-line (via the <code>python.exe</code> interpreter) or via scripts (.py) that can be written and distributed to different systems. Python code can also be compiled into binary executables.(Citation: Zscaler APT31 Covid-19 October 2020)

    Python comes with many built-in packages to interact with the underlying system, such as file operations and device I/O. Adversaries can use these libraries to download and execute commands or other scripts as well as perform various malicious behaviors.

  • First Seen: North Korean Advanced Persistent Threat Focus: Kimsuky • 2020-10-27
MITRE ATT&CK

Tagged Reports

2026-06-08
Proofpoint
#Phishing #GitHub #VSCode #ContagiousInterview #T1566.002 #T1204.002 #T1059.007 #T1059.006 #T1555.003 #T1555.001 #T1056.001 #T1027 #T1105 #T1059.003 #UNK_DeadDrop
2026-04-30
Domaintools
#ContagiousInterview #Lazarus #T1005 #T1059.006 #T1204.001 #T1059.007 #T1036 #T1555 #T1059.004 #T1027 #T1204.002 #T1566.002 #T1566.003 #T1555.003 #T1567 #T1071
2026-04-01
Hunt.io
#Axios #NPM #TA444 #Bluenoroff #T1055 #T1059.006 #T1070.004 #T1082 #T1553.002 #T1059.002 #T1059.001 #T1027 #T1036.005 #T1547.001 #T1071.001 #T1057 #T1195.002
2026-03-31
Trend Micro
#Axios #NPM #T1059.006 #T1070.004 #T1082 #T1036 #T1059.001 #T1059.005 #T1027 #T1620 #T1071.001 #T1195.002
2026-03-10
Cyble
#Wagemole #T1005 #T1059.006 #T1059.007 #T1083 #T1041 #T1560 #T1195 #T1027 #T1204.002 #T1555.003 #T1566.003 #T1071.001 #T1082
2026-01-13
Cyfirma
#Kimsuky #T1593 #T1055.012 #T1102.002 #T1190 #T1587 #T1059.005 #T1027 #T1583.006 #T1078.003 #T1071.002 #T1027.002 #T1562.004 #T1205 #T1550.002 #T1059.003 #T1566.001 #T1566 #T1553.002 #T1111 #T1071.003 #T1591 #T1003.001 #T1218.011 #T1585 #T1593.002 #T1620 #T1567.002 #T1585.002 #T1598 #T1583 #T1585.001 #T1588.002 #T1586.002 #T1587.001 #T1059.007 #T1588.005 #T1053.005 #T1204.001 #T1070.004 #T1583.004 #T1036.004 #T1041 #T1588.003 #T1656 #T1608.001 #T1204.002 #T1598.003 #T1589.003 #T1102.001 #T1105 #T1071.001 #T1594 #T1055 #T1059.006 #T1112 #T1218.010 #T1557 #T1219.002 #T1583.001 #T1059.001 #T1593.001 #T1218.005 #T1589.002 #T1657 #T1555.003 #T1036.005 #T1133 #T1566.002 #T1056.001 #T1584.001 #T1070.006 #T1596
2026-01-12
Red Asgard
#ContagiousInterview #Lazarus #T1059.006 #T1059.007 #T1562.001 #T1053.005 #T1539 #T1555 #T1573.002 #T1048.003 #T1204.002 #T1036.005 #T1566.003 #T1573.001 #T1547.001 #T1102.001 #T1027.002 #T1496
2025-10-27
Ransom ISAC
#DevPopper #EtherHiding #T1547 #T1059.006 #T1059.007 #T1005 #T1573 #T1566 #T1041 #T1219 #T1195 #T1027 #T1204.002 #T1555.003 #T1095 #T1567 #T1071.001 #T1140 #T1082
2025-07-28
Wiz
#Bybit #DMM #JumpCloud #NPM #TraderTraitor #T1027 #T1566.003 #T1552.004 #T1195.001 #T1082 #T1566.001 #T1553.002 #T1199 #T1609 #T1078 #T1059.007 #T1041 #T1555 #T1550.004 #T1588.003 #T1204.002 #T1105 #T1071.001 #T1195.002 #T1059.006 #T1087.004 #T1566.002 #T1580 #T1578.005 #T1059
2025-05-14
Cyfirma
#Group123 #T1102.002 #T1203 #T1123 #T1059.005 #T1106 #T1027 #T1559.002 #T1057 #T1082 #T1561.002 #T1548.002 #T1059.003 #T1566.001 #T1529 #T1120 #T1547.001 #T1005 #T1053.005 #T1036.001 #T1204.002 #T1105 #T1071.001 #T1094 #T1055 #T1059.006 #T1189 #T1027.003 #T1033 #T1555.003 #T1059
2025-02-20
ESET
#BeaverTail #DeceptiveDevelopment #InvisibleFerret #T1025 #T1567.004 #T1555.001 #T1027.013 #T1016 #T1071.002 #T1566.003 #T1564.003 #T1552.001 #T1583.003 #T1082 #T1614 #T1119 #T1059.003 #T1074.001 #T1140 #T1030 #T1585.001 #T1005 #T1059.007 #T1587.001 #T1041 #T1564.001 #T1010 #T1219 #T1608.001 #T1204.002 #T1571 #T1071.001 #T1059.006 #T1115 #T1083 #T1124 #T1555.003 #T1056.001 #T1133 #T1021.001 #T1095 #T1560.002 #T1657 #T1217
2025-02-12
Cyfirma
#APT43 #T1055.012 #T1562.001 #T1190 #T1587 #T1543.003 #T1059.003 #T1074.001 #T1553.002 #T1591 #T1218.011 #T1587.001 #T1588.005 #T1598.003 #T1594 #T1218.010 #T1557 #T1007 #T1583.001 #T1555.003 #T1036 #T1012 #T1016 #T1059.005 #T1027 #T1071.002 #T1027.002 #T1562.004 #T1111 #T1003.001 #T1140 #T1585.001 #T1005 #T1114.003 #T1053.005 #T1608.001 #T1105 #T1114.002 #T1589.002 #T1036.005 #T1534 #T1078.003 #T1552.001 #T1560.001 #T1136.001 #T1057 #T1082 #T1550.002 #T1518.001 #T1176 #T1566.001 #T1071.003 #T1585.002 #T1588.002 #T1036.004 #T1204.001 #T1586.002 #T1041 #T1219 #T1589.003 #T1071.001 #T1564.002 #T1112 #T1218.005 #T1059.001 #T1593.001 #T1040 #T1546.001 #T1056.001 #T1070.006 #T1102.002 #T1583.006 #T1564.003 #T1098 #T1593.002 #T1547.001 #T1567.002 #T1059.007 #T1070.004 #T1560.003 #T1505.003 #T1583.004 #T1204.002 #T1055 #T1059.006 #T1083 #T1133 #T1566.002 #T1021.001 #T1584.001
2024-11-04
Zscaler
#BeaverTail #ContagiousInterview #InvisibleFerret #Wagemole #T1005 #T1059.006 #T1059.007 #T1083 #T1041 #T1027.013 #T1555.003 #T1204.002 #T1071.002 #T1566.003 #T1560.001 #T1071.001 #T1082
2024-09-12
Cyfirma
#Kimsuky #T1055.012 #T1562.001 #T1190 #T1587 #T1543.003 #T1059.003 #T1074.001 #T1553.002 #T1591 #T1218.011 #T1587.001 #T1588.005 #T1598.003 #T1594 #T1218.010 #T1557 #T1007 #T1583.001 #T1555.003 #T1036 #T1012 #T1016 #T1059.005 #T1027 #T1071.002 #T1027.002 #T1562.004 #T1111 #T1003.001 #T1140 #T1585.001 #T1005 #T1114.003 #T1053.005 #T1608.001 #T1105 #T1114.002 #T1589.002 #T1036.005 #T1534 #T1078.003 #T1552.001 #T1560.001 #T1136.001 #T1057 #T1082 #T1550.002 #T1518.001 #T1176 #T1566.001 #T1071.003 #T1585.002 #T1588.002 #T1036.004 #T1204.001 #T1586.002 #T1041 #T1219 #T1589.003 #T1071.001 #T1564.002 #T1112 #T1218.005 #T1059.001 #T1593.001 #T1040 #T1546.001 #T1056.001 #T1070.006 #T1102.002 #T1583.006 #T1564.003 #T1098 #T1593.002 #T1547.001 #T1567.002 #T1059.007 #T1070.004 #T1560.003 #T1505.003 #T1583.004 #T1204.002 #T1055 #T1059.006 #T1083 #T1133 #T1566.002 #T1021.001 #T1584.001
2024-07-31
Securonix
#DevPopper #NPM #T1059.006 #T1070.004 #T1082 #T1027.010 #T1059.003 #T1041 #T1059.001 #T1560 #T1033 #T1132
« Back