Command and Scripting Interpreter: Python (T1059.006)
Tactic: Execution · Platforms: ESXi, Linux, macOS, Windows
The interactive view maps 1 detection strategy, 4 mitigations, 18 threat groups, 37 software entries, 4 campaigns to this technique, alongside D3FEND countermeasures and data-component coverage.
Sub-technique of Command and Scripting Interpreter (T1059).
Overview
Adversaries may abuse Python commands and scripts for execution. Python is a very popular scripting/programming language, with capabilities to perform many functions. Python can be executed interactively from the command-line (via the python.exe interpreter) or via scripts (.py) that can be written and distributed to different systems. Python code can also be compiled into binary executables.
Python comes with many built-in packages to interact with the underlying system, such as file operations and device I/O. Adversaries can use these libraries to download and execute commands or other scripts as well as perform various malicious behaviors.