FRAMESTING

MITRE

Malware Type:
Other

First seen:
Unknown

Last seen:
Unknown

Details:

[FRAMESTING](https://attack.mitre.org/software/S1120) is a Python web shell that was used during [Cutting Edge](https://attack.mitre.org/campaigns/C0029) to embed into an Ivanti Connect Secure Python package for command execution.(Citation: Mandiant Cutting Edge Part 2 January 2024)

Associated Techniques (7)

ID	ATT&CK	Tactics
T1001	Data Obfuscation	-
T1001.003	Protocol or Service Impersonation	-
T1059.006	Python	-
T1071.001	Web Protocols	-
T1140	Deobfuscate/Decode Files or Information	-
T1505.003	Web Shell	-
T1554	Compromise Host Software Binary	-

Metadata

ID:	528
Created:	13/01/2026 17:48
Updated:	06/03/2026 16:00