Adversaries may abuse Python commands and scripts for execution. Python is a very popular scripting/programming language, with capabilities to perform many functions. Python can be executed interactively from the command-line (via the `python.exe` interpreter) or via scripts (.py) that can be written and distributed to different systems. Python code can also be compiled into binary executables.
Python comes with many built-in packages to interact with the underlying system, such as file operations and device I/O. Adversaries can use these libraries to download and execute commands or other scripts as well as perform various malicious behaviors.
Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
---|---|---|---|---|
AC-6 | Least Privilege | Protects | T1059.006 | Python |
CM-11 | User-installed Software | Protects | T1059.006 | Python |
CM-3 | Configuration Change Control | Protects | T1059.006 | Python |
CM-5 | Access Restrictions for Change | Protects | T1059.006 | Python |
CM-7 | Least Functionality | Protects | T1059.006 | Python |
SI-10 | Information Input Validation | Protects | T1059.006 | Python |
SI-2 | Flaw Remediation | Protects | T1059.006 | Python |
SI-3 | Malicious Code Protection | Protects | T1059.006 | Python |
SI-4 | System Monitoring | Protects | T1059.006 | Python |
SI-7 | Software, Firmware, and Information Integrity | Protects | T1059.006 | Python |
CVE-2019-16784 | PyInstaller | secondary_impact | T1059.006 | Python |
action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1059.006 | Command and Scripting Interpreter: Python |
action.hacking.vector.Command shell | Remote shell | related-to | T1059.006 | Command and Scripting Interpreter: Python |