Clankerusecase
MITRE ATT&CK detection coverage

T1106 Native API

T1106 — Native API is a MITRE ATT&CK technique in the Execution tactic. Clankerusecase tracks 4 detection use cases covering it and 6 threat-intel articles citing it.

Execution
4 Use cases
6 Articles
0 Sub-techniques
1 Tactic

Use cases covering this technique (4)

[LLM] Machine-cadence post-auth FortiGate CLI/API calls in single session (MCP-orchestrated) · Bespoke install · hunting · DSPDD
[LLM] mistralai 2.4.6 dropper: Python interpreter executing /tmp/transformers.pyz as detached session · Bespoke install · alerting · DSΣPDDCS
[LLM] Four-way node.exe -e fanout spawned from VSCode shell descendants (BlokTrooper stage-2) · Bespoke install · alerting · DSPDDCS
[LLM] DaemonicLogistics fake-Tencent payload drop (logo.gif at %PROGRAMDATA%\Tencent\QQUpdateMgr\UpdateFiles) · Bespoke install · alerting · DSΣP

Articles citing this technique (6)