LiteLLM / TeamPCP Supply Chain Attack Indicators
Detects process executions related to the backdoored versions of LiteLLM (v1.82.7 or v1.82.8). In March 2026, a supply chain attack was discovered involving the popular open-source LLM framework LiteLLM by Threat Actor TeamPCP. The malicious package harvests every credential on the system, encrypts and exfiltrates them, and installs a persistent C2 backdoor.
Convert In Phoenix Studio
Open this Sigma rule in the converter with the YAML preloaded and ready for backend selection.
Developed to detect an active or emerging threat. Prioritize investigation of any alerts and correlate with threat intelligence.
Events generated when a new process is spawned on the system. Covers command-line arguments, parent/child relationships, and process metadata.
detection:
selection_pth_package:
# Execution of .pth file
Image|contains: '/python3'
CommandLine|contains|all:
- "exec(base64.b64decode('aW1wb3J0"
- "kI2NF9TQ1JJUFQgPSAiYV"
selection_tar:
Image|endswith: '/tar'
CommandLine|contains|all:
- 'tpcp.tar.gz'
- 'payload.enc'
- 'session.key.enc'
selection_curl:
Image|endswith: '/curl'
CommandLine|contains|all:
- 'models.litellm.cloud'
- 'X-Filename: tpcp.tar.gz'
selection_sysmon_service:
ParentImage|contains: '/python3'
CommandLine|contains|all:
- 'systemctl'
- '--user'
- 'sysmon'
condition: 1 of selection_*False positive likelihood has not been assessed. Additional context may be needed during triage.
Sub-techniques
Other