Command and Scripting Interpreter: AutoHotKey & AutoIT

Other sub-techniques of Command and Scripting Interpreter (13)

ID	Name
ATAGS-T1046.001	AppleScript
ATAGS-T1046.002	AutoHotKey & AutoIT
ATAGS-T1046.003	Cloud API
ATAGS-T1046.004	Container CLI/API
ATAGS-T1046.005	Hypervisor CLI
ATAGS-T1046.006	JavaScript
ATAGS-T1046.007	Lua
ATAGS-T1046.008	Network Device CLI
ATAGS-T1046.009	Powershell
ATAGS-T1046.010	Python
ATAGS-T1046.011	Unix Shell
ATAGS-T1046.012	Visual Basic
ATAGS-T1046.013	Windows Command Shell

Threat actors may execute commands and perform malicious tasks using AutoIT and AutoHotKey automation scripts. AutoIT and AutoHotkey (AHK) are scripting languages that enable users to automate Windows tasks. These automation scripts can be used to perform a wide variety of actions, such as clicking on buttons, entering text, and opening and closing programs.

ID: ATAGS-T1046.002

Sub-technique of: ATAGS-T1046

ⓘ

Tactic: Execution

ⓘ

Targeted Components: Software

ⓘ

Responsibility: Provider

Created: 18 April 2026

Last Modified: 18 April 2026

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.