Clankerusecase
MITRE ATT&CK detection coverage
 ← Back to main site
Home/ MITRE Matrix/ Execution/ T1059.006

T1059.006Python

T1059.006 — Python is a MITRE ATT&CK technique in the Execution tactic. Clankerusecase tracks 72 detection use cases covering it and 42 threat-intel articles citing it.

Execution
View on the matrix → Filter Detection Library MITRE official spec ↗
72Use cases
42Articles
0Sub-techniques
1Tactic
↑ Parent technique: T1059 · Command and Scripting Interpreter

Use cases covering this technique (72)

[WEEKLY] Developer/AI tooling runtime spawns shell or egress LOLBin (unauth RCE post-expl) Internal exploit · alerting DSPDDCS [WEEKLY] Developer/Data-tooling Daemon Spawns Shell Child Seconds After POST to Runner/Exec Endpoint Internal exploit · alerting DSPDD [WEEKLY] Developer interpreter / package-manager process exfiltrating tokens to public code-hosting / worker domains Internal install · alerting DSPDDCSCW [WEEKLY] Developer package install spawning script-host with non-registry C2 within 5 minutes Internal install · alerting DSPDD [WEEKLY] Language-runtime server (node/python/java) spawns OS shell shortly after inbound request — eval / sandbox-escape exploitation chain Internal exploit · alerting DSPDD [WEEKLY] Linux LPE chain — anomalous algif_aead/esp4/esp6/rxrpc kernel-module load followed by same-user root transition Internal exploit · alerting DSPDD [WEEKLY] Low-Code / AI Workflow Runtime Sandbox-Escape — Server Process Spawns Shell + Public Egress Internal exploit · alerting DSΣPDD [WEEKLY] Package install lifecycle hook spawns interpreter that reads developer credential stores Internal install · alerting DSPDDCS [WEEKLY] Package-manager install hook spawns interpreter that beacons to non-registry host within 120s Internal install · alerting DSPDD [WEEKLY] Package Manager Install Hook Spawns Scripting Interpreter Then Touches Credential Files or Egresses Off-Registry Internal install · alerting DSPDD [WEEKLY] Package-Manager Install -> Interpreter Child -> Non-Registry Egress Within 5 Minutes Internal install · alerting DSPDD [WEEKLY] Package Manager Install Spawning Outbound Egress to Non-Registry Infrastructure Within 5 Minutes Internal install · alerting DSPDD [WEEKLY] Package-manager install-time interpreter spawn with credential-file read and outbound egress within 120s Internal install · alerting DSPDD [WEEKLY] Package manager lifecycle hook spawns runtime with outbound egress to non-registry host within 5 minutes Internal install · alerting DSPDD [WEEKLY] Package manager spawns network-fetching child to public code-hosting within minutes of install Internal install · alerting DSPDD [WEEKLY] Server / AI-agent process spawns shell or LOLBIN with public egress — post-RCE behavioural chain Internal exploit · alerting DSΣPDD [WEEKLY] Service-process parent spawns subprocess containing CLI-argument-injection tokens Internal exploit · alerting DSΣPDD [WEEKLY] Web App Interpreter (Node/Python/Java/PHP) Spawns Shell or Net-Download LOLBin on Internet-Facing Host Internal exploit · alerting DSPDD [LLM] Hades on-import payload: python interpreter spawns Bun runtime download Bespoke install · alerting DSΣPDDCS [LLM] VS Code/Cursor/Claude/Gemini spawns interpreter referencing folderOpen or SessionStart hook script Bespoke exploit · alerting DSΣPDDCS [LLM] CVE-2026-48039 PoC artifact execution (meta-ads-mcp-vuln001 image, FAKE_TOKEN_FOR_POC_DEMO env) Bespoke exploit · alerting DSΣPDDCS [LLM] Miasma worm GitHub commit-search C2 magic strings on command line or script Bespoke c2 · alerting DSΣPDDCS [LLM] Python interpreter downloads oven-sh Bun runtime v1.3.14 from GitHub releases at import time Bespoke install · alerting DSΣPDDCS [LLM] Bun runtime executed from temp directory by Python interpreter (Hades vF203 loader) Bespoke install · alerting DSΣPDDCS [LLM] Miasma/Shai-Hulud typosquat PyPI package installation (rsquests, tlask, langchain-core-mcp, durabletask) Bespoke delivery · alerting DSΣPDDCS [LLM] Miasma Phantom Gyp: python.exe (gyp parser) spawning node index.js during npm install Bespoke install · alerting DSΣPDDCS [LLM] Hades persistence: *-setup.pth file written into Python site-packages Bespoke install · alerting DSΣPDDCS [LLM] VerdantBamboo BRICKSTORM / PLENET / AGENTPSD file-hash IOCs Bespoke install · hunting DSΣPDDCS [LLM] AGENTPSD-style Python reverse shell spawned by sshd on Linux / NAS Bespoke install · hunting DSΣPDDCS [LLM] Jinja2 SSTI payload to Jupyter Enterprise Gateway /api/kernels (CVE-2026-44181) Bespoke exploit · alerting SΣPDD [LLM] Enterprise Gateway python container spawns shell or reads K8s service-account token (CVE-2026-44181 RCE) Bespoke install · alerting DSΣPDDCS [LLM] Kitty cat.py Python Backdoor File Drop / Execution (Nx Console Compromise) Bespoke install · alerting DSΣPDDCS [LLM] Unauthenticated JSON-RPC POST to PraisonAI /a2a endpoint (CVE-2026-47391 exploit) Bespoke delivery · hunting DSΣPDDCS [LLM] Suspicious child process spawned by PraisonAI uvicorn/python A2A server (eval() RCE evidence) Bespoke exploit · alerting DSΣPDDCS [LLM] PraisonAI Python subprocess spawns OS shell with discovery / credential-reading commands Bespoke exploit · alerting DSPDDCS [LLM] Literal PraisonAI sandbox-escape signature: `print.__self__` + builtins dict access Bespoke exploit · alerting DSΣPDDCS [LLM] Unauthenticated POST to PraisonAI `/chat` or `/agents` endpoint (incl. CVE-Detector scanner) Bespoke exploit · alerting DSΣPDDCW [LLM] PraisonAI python process spawning shell, curl, or wget (post-exploitation tool-use abuse) Bespoke actions · alerting DSΣPDDCS [LLM] Yamcs MDB algorithm PATCH with embedded Jython java.lang.Runtime payload (CVE-2026-46621) Bespoke exploit · alerting DSΣPDDCS [LLM] Yamcs JVM spawns shell or network utility (CVE-2026-46621 post-exploitation) Bespoke install · alerting DSΣPDDCS [LLM] Known Shai-Hulud / Nx Console implant hash match (SHA256/SHA1) Bespoke install · hunting DSΣPDDCS [LLM] Python backdoor self-daemonisation via __DAEMONIZED=1 spawned by VS Code helper or node Bespoke install · hunting DSΣPDDCS [LLM] TeamPCP Nx Console payload SHA256 hash match on developer endpoints Bespoke install · hunting DSΣPDDCS [LLM] Compromised Microsoft durabletask PyPI Package Install (TeamPCP 1.4.1-1.4.3) Bespoke delivery · alerting DSΣPDDCS [LLM] Installation of malicious guardrails-ai==0.10.1 PyPI package (CVE-2026-45758) Bespoke delivery · alerting DSΣPDDCS [LLM] Python process executing transformers.pyz dropped from git-tanstack.com (TeamPCP) Bespoke install · alerting DSΣPDDCS [LLM] python3 reading /proc/<PID>/mem to scrape Runner.Worker secrets Bespoke actions · alerting DSΣPDDCS [LLM] mistralai 2.4.6 dropper: Python interpreter executing /tmp/transformers.pyz as detached session Bespoke install · alerting DSΣPDDCS [LLM] Vulnerable utcp-cli package (<= 1.1.1) inventory hunt for CVE-2026-45369 Bespoke recon · hunting DSPDD [LLM] DeepSeek-TUI sub-agent shell execution via AGENTS.md prompt injection (CVE-2026-45374) Bespoke exploit · alerting DSΣPDD [LLM] Mini Shai-Hulud: Python subprocess spawns `_runtime/start.py` from lightning site-packages Bespoke install · alerting DSΣPDD [LLM] Python child process executing lightning _runtime/start.py bootstrapper Bespoke install · alerting DSΣPDD [LLM] Compromised elementary-data==0.23.3 PyPI install on developer / CI host Bespoke delivery · alerting DSΣPDDCS [LLM] Trinny marker file creation (.trinny-security-update) Bespoke install · alerting DSΣPDDCS [LLM] TeamPCP telnyx FetchAudio() — python subprocess running inline base64 exec Bespoke install · alerting DSΣPDDCS [LLM] pip install of malicious telnyx versions 4.87.1 / 4.87.2 Bespoke delivery · alerting DSΣPDDCS [LLM] Compromised litellm 1.82.7 / 1.82.8 PyPI install (TeamPCP supply-chain) Bespoke install · alerting DSΣPDDCS [LLM] Linux user-systemd sysmon persistence drop (~/.config/sysmon/sysmon.py + sysmon.service) Bespoke install · alerting DSΣPDDCS [LLM] Linux Python RAT orphaned via nohup python3 /tmp/ld.py (Axios npm payload) Bespoke install · alerting DSΣPDDCS [LLM] Python spawning python -c with base64.b64decode exec (litellm .pth stage-1 launcher) Bespoke install · alerting DSΣPDDCS [LLM] TeamPCP Linux/Mac stdin-piped Python second stage (sys.executable -) Bespoke exploit · hunting DSPDDCS [LLM] TeamPCP systemd backdoor — sysmon.py / sysmon.service persistence on CI runner Bespoke install · alerting DSΣPDD [LLM] Compromised bittensor-wallet 4.0.2 source-tarball SHA256 on disk Bespoke delivery · hunting DSΣPDD [LLM] ForceMemo: Node.js v22.9.0 spawned by Python from user home directory Bespoke install · alerting DSΣPDD [LLM] Python .pth startup hook executes subprocess to curl C2 (litellm fork-bomb pattern) Bespoke install · alerting DSΣPDDCS [LLM] Cacheract memdump.py download/execution on CI runner or developer host Bespoke install · alerting DSΣPDD [LLM] GitHub Actions runner — process reads runner worker memory to extract GITHUB_TOKEN Bespoke actions · hunting DSΣPDDCS [LLM] G_Wagon npm postinstall spawns python with stdin pipe (fileless payload exec) Bespoke install · alerting DSΣPDDCS [LLM] Python parent spawns detached 'python3 -' child reading payload from stdin Bespoke install · alerting DSΣPDDCS [LLM] Compromised tj-actions/changed-files commit SHA referenced on host (CVE-2025-30066 IOC hunt) Bespoke delivery · alerting DSΣPDDCS [LLM] PyPI install footprint of num2words v0.5.15/0.5.16 (Scavenger supply-chain compromise) Bespoke delivery · alerting DSΣPDD [LLM] Installation of poisoned Ultralytics PyPI package (v8.3.41 / 8.3.42 / 8.3.45 / 8.3.46) Bespoke install · alerting DSΣPDDCS

Articles citing this technique (42)

high Miasma and Hades Are Spreading Now: Detect Them on Developer Machines with Suspicious Files art-45
crit [GHSA / CRITICAL] CVE-2026-48039: Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token art-47
crit Cybersecurity Stars Awards 2026: Winners Announced Across 95 Categories art-48
high Pythagora-io/gpt-pilot Compromised on GitHub - Shai-Hulud Credential Stealer Blocked by Python Linter art-78
crit Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues art-82
crit Wait, binding.gyp Can Do What? Exploring npm's Weirdest Build System art-85
high Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer art-90
crit VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances art-107
crit [GHSA / CRITICAL] CVE-2026-44181: Jupyter Enterprise Gateway: Jinja2 Template Server Side Template Injection resulting in Remote Code Execut art-134
high Nx Console VS Code Extension Compromised art-146
crit [GHSA / CRITICAL] CVE-2026-47391: PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution art-165
crit [GHSA / CRITICAL] CVE-2026-47392: PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subpro art-166
crit [GHSA / CRITICAL] CVE-2026-47393: PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default art-167
crit [GHSA / CRITICAL] CVE-2026-46621: Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection art-191
crit 5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not Enough art-230
crit The Wild West of VS Code extensions and how a poisoned extension breached GitHub art-236
high GitHub breached via a malicious VS Code extension: why developer devices are the real target art-238
crit The AntV Supply Chain Campaign Expands: Microsoft's `durabletask` PyPI Package Compromised art-248
crit [GHSA / CRITICAL] CVE-2026-45758: Malicious code in guardrails-ai 0.10.1 (supply chain compromise) art-255
med actions-cool/issues-helper GitHub Action Compromised: All Tags Point to Imposter Commit That Exfiltrates CI/CD Credentials art-268
crit [GHSA / CRITICAL] GHSA-wx9m-wx4f-4cmg: Malicious dropper in mistralai 2.4.6 PyPI package art-272
crit [GHSA / CRITICAL] CVE-2026-45369: utcp-cli Vulnerable to Command Injection via Unsanitized Argument Substitution in CLI Communication Protoc art-288
crit [GHSA / CRITICAL] CVE-2026-45374: DeepSeek TUI: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files art-292
high Popular PyTorch Lightning Package Compromised by Mini Shai-Hulud art-339
crit lightning PyPI Compromise: A Bun-Based Credential Stealer in Python art-343
high Malicious Release of elementary-data PyPI Package Steals Cloud Credentials from Data Engineers art-352
crit TeamPCP Plants WAV Steganography Credential Stealer in telnyx PyPI Package art-413
high You Patched LiteLLM, But Do You Know Your AI Blast Radius? art-414
high Axios npm Package Compromised: Supply Chain Attack Delivers Cross-Platform RAT art-420
crit litellm: Credential Stealer Hidden in PyPI Wheel art-423
crit Popular telnyx package compromised on PyPI by TeamPCP art-425
high Checkmarx KICS GitHub Action Compromised: Malware Injected in All Git Tags art-428
crit bittensor-wallet 4.0.2 Compromised on PyPI - Backdoor Exfiltrates Private Keys art-431
crit ForceMemo: Hundreds of GitHub Python Repos Compromised via Account Takeover and Force-Push art-434
crit How a Poisoned Security Scanner Became the Key to Backdooring LiteLLM art-443
high kubernetes-el Compromised: How a Pwn Request Exploited a Popular Emacs Package art-475
high 10,000 Open-Source Projects Now Secured by Harden-Runner Community-Tier: A Milestone Three Years in the Making art-536
high G_Wagon: npm Package Deploys Python Stealer Targeting 100+ Crypto Wallets art-604
crit Malicious PyPI Packages spellcheckpy and spellcheckerpy Deliver Python RAT art-608
crit When 'Changed Files' Changed Everything: Our Black Hat 2025 Presentation on the tj-actions Supply Chain Breach art-815
high Supply Chain Security Alert: num2words PyPI Package Shows Signs of Compromise art-824
high Ultralytics AI Pwn Request Supply Chain Attack art-1055