MechaFlounder

MITRE

Malware Type:
Other

First seen:
Unknown

Last seen:
Unknown

Details:

[MechaFlounder](https://attack.mitre.org/software/S0459) is a python-based remote access tool (RAT) that has been used by [APT39](https://attack.mitre.org/groups/G0087). The payload uses a combination of actor developed code and code snippets freely available online in development communities.(Citation: Unit 42 MechaFlounder March 2019)

Associated Techniques (8)

ID	ATT&CK	Tactics
T1033	System Owner/User Discovery	-
T1036.005	Match Legitimate Resource Name or Location	-
T1041	Exfiltration Over C2 Channel	-
T1059.003	Windows Command Shell	-
T1059.006	Python	-
T1071.001	Web Protocols	-
T1105	Ingress Tool Transfer	-
T1132.001	Standard Encoding	-

Used by Actors (1)

APT39
Unknown

Metadata

ID:	610
Created:	13/01/2026 17:48
Updated:	06/03/2026 16:00