Phoenix
Sigma IntelligenceBeta
Back to Rules
Emerging Threathighexperimental

TeamPCP LiteLLM Supply Chain Attack Persistence Indicators

Detects the creation of specific persistence files as observed in the LiteLLM PyPI supply chain attack. In March 2026, a supply chain attack was discovered involving the popular open-source LLM framework LiteLLM by Threat Actor TeamPCP. The malicious package harvests every credential on the system, encrypts and exfiltrates them, and installs a persistent C2 backdoor.

Convert In Phoenix Studio

Open this Sigma rule in the converter with the YAML preloaded and ready for backend selection.

Launch
Swachchhanda Shrawan Poudel (Nextron Systems)Created Mon Mar 3081c0b7f5-81c9-435e-a291-bc32fc2b72cd2026
Emerging Threat
Active Threat

Developed to detect an active or emerging threat. Prioritize investigation of any alerts and correlate with threat intelligence.

Log Source
LinuxFile Event
ProductLinux← raw: linux
CategoryFile Event← raw: file_event

Events for file system activity including creation, modification, and deletion.

Detection Logic
Detection Logic1 selector
detection:
    selection:
        Image|contains: '/python3'
        TargetFilename|endswith:
            - '/.config/sysmon/sysmon.py'
            - '/.config/systemd/user/sysmon.service'
    condition: selection
False Positives
Unknown

False positive likelihood has not been assessed. Additional context may be needed during triage.

References
1
Resolving title…
novasky.io
2
Resolving title…
virustotal.com
3
Resolving title…
huskyhacks.io
4
Resolving title…
wiz.io
MITRE ATT&CK

Other

detection.emerging-threats
Rule Metadata
Rule ID
81c0b7f5-81c9-435e-a291-bc32fc2b72cd
Status
experimental
Level
high
Type
Emerging Threat
Created
Mon Mar 30
Author
Swachchhanda Shrawan Poudel (Nextron Systems)
Path
rules-emerging-threats/2026/TA/TeamPCP/file_event_lnx_teampcp_litellm_supply_chain_attack_indicators.yml
Raw Tags
attack.persistenceattack.privilege-escalationattack.t1543.002attack.initial-accessattack.t1195.002detection.emerging-threats
View on GitHub