TIARAS - T1153: Source

MITRE ATT&CK Technique

Execution T1153

Description

**This technique has been deprecated and should no longer be used.** The <code>source</code> command loads functions into the current shell or executes files in the current context. This built-in command can be run in two different ways <code>source /path/to/filename [arguments]</code> or <code>.**This technique has been deprecated and should no longer be used.** /path/to/filename [arguments]</code>. Take note of the space after the ".". Without a space, a new shell is created that runs the program instead of running the program within the current context. This is often used to make certain features or functions available to a shell or to update a specific shell's environment.(Citation: Source Manual) Adversaries can abuse this functionality to execute programs. The file executed with this technique does not need to be marked executable beforehand.

Supported Platforms

Linux macOS

Created

April 29, 2026

Last Updated

April 29, 2026

STIX Data

{'created': '2017-12-14T16:46:06.044Z',
 'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'description': '**This technique has been deprecated and should no longer be '
                'used.**\n'
                '\n'
                'The <code>source</code> command loads functions into the '
                'current shell or executes files in the current context. This '
                'built-in command can be run in two different ways '
                '<code>source /path/to/filename [arguments]</code> or '
                '<code>.**This technique has been deprecated and should no '
                'longer be used.** /path/to/filename [arguments]</code>. Take '
                'note of the space after the ".". Without a space, a new shell '
                'is created that runs the program instead of running the '
                'program within the current context. This is often used to '
                'make certain features or functions available to a shell or to '
                "update a specific shell's environment.(Citation: Source "
                'Manual)\n'
                '\n'
                'Adversaries can abuse this functionality to execute programs. '
                'The file executed with this technique does not need to be '
                'marked executable beforehand.',
 'external_references': [{'external_id': 'T1153',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/techniques/T1153'},
                         {'description': 'ss64. (n.d.). Source or Dot '
                                         'Operator. Retrieved May 21, 2019.',
                          'source_name': 'Source Manual',
                          'url': 'https://ss64.com/bash/source.html'}],
 'id': 'attack-pattern--45d84c8b-c1e2-474d-a14d-69b5de0a2bc0',
 'kill_chain_phases': [{'kill_chain_name': 'mitre-attack',
                        'phase_name': 'execution'}],
 'modified': '2025-10-24T17:48:43.489Z',
 'name': 'Source',
 'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
 'spec_version': '2.1',
 'type': 'attack-pattern',
 'x_mitre_attack_spec_version': '3.2.0',
 'x_mitre_deprecated': True,
 'x_mitre_detection': '',
 'x_mitre_domains': ['enterprise-attack'],
 'x_mitre_is_subtechnique': False,
 'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'x_mitre_platforms': ['Linux', 'macOS'],
 'x_mitre_version': '2.1'}

Quick Actions

Edit TTP Update from Web

Back to TTPs

Dashboard About