UPSTYLE
MITRE
Malware Type:
Other
Other
First seen:
Unknown
Unknown
Last seen:
Unknown
Unknown
Details:
[UPSTYLE](https://attack.mitre.org/software/S1164) is a Python-based backdoor associated with exploitation of Palo Alto firewalls using CVE-2024-3400 in early 2024. [UPSTYLE](https://attack.mitre.org/software/S1164) has only been observed in relation to this exploitation activity, which involved attempted install on compromised devices by the threat actor UTA0218.(Citation: Volexity UPSTYLE 2024)(Citation: Palo Alto MidnightEclipse APR 2024)
Associated Techniques (12)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1001.001 | Junk Data | - |
| T1027.013 | Encrypted/Encoded File | - |
| T1036 | Masquerading | - |
| T1057 | Process Discovery | - |
| T1059.006 | Python | - |
| T1070.002 | Clear Linux or Mac System Logs | - |
| T1070.004 | File Deletion | - |
| T1070.006 | Timestomp | - |
| T1102.003 | One-Way Communication | - |
| T1140 | Deobfuscate/Decode Files or Information | - |
| T1546 | Event Triggered Execution | - |
| T1665 | Hide Infrastructure | - |
Metadata
| ID: | 96 |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |