MITRE ATT&CK / T1059.006
T1059.006
Python
Description
Adversaries may abuse Python commands and scripts for execution. Python is a very popular scripting/programming language, with capabilities to perform many functions. Python can be executed interactively from the command-line (via the <code>python.exe</code> interpreter) or via scripts (.py) that can be written and distributed to different systems. Python code can also be compiled into binary executables.(Citation: Zscaler APT31 Covid-19 October 2020)Python comes with many built-in packages to interact with the underlying system, such as file operations and device I/O. Adversaries can use these libraries to download and execute commands or other scripts as well as perform various malicious behaviors.
Platforms
Mitigations
- M1047 — Audit
- M1049 — Antivirus/Antimalware
- M1033 — Limit Software Installation
- M1038 — Execution Prevention
Use our free MITRE ATT&CK lookup tool, or browse the full ATT&CK matrix.
Our coverage
- Screening Serpens: Iranian APT Fuses AppDomainManager Hijacking with New RATs in 2026 Espionage Campaign
- Stolen Gemini API Keys and AI Fraud: How 'Quantum Patriot' Drained Crypto Wallets via Fake QAnon Content
- YARA-X 1.16.0: Faster Scans, Panic Fixes, and Neovim LSP Support
- JDownloader Site Hacked, Installers Swapped with Python RAT Malware
- Claude AI Independently Targeted SCADA Systems in Mexican Water Utility Cyberattack
Source: MITRE ATT&CK Enterprise matrix. View on attack.mitre.org →