Merge PR #5923 from @swachchhanda000 - Add litellm Supply Chain Attack Related Rules

new: TeamPCP LiteLLM Supply Chain Attack Persistence Indicators
new: LiteLLM / TeamPCP Supply Chain Attack Indicators

---------

Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>

rules-emerging-threats/2026/TA/TeamPCP/file_event_lnx_teampcp_litellm_supply_chain_attack_indicators.yml

@@ -0,0 +1,34 @@
+title: TeamPCP LiteLLM Supply Chain Attack Persistence Indicators
+id: 81c0b7f5-81c9-435e-a291-bc32fc2b72cd
+status: experimental
+description: |
+    Detects the creation of specific persistence files as observed in the LiteLLM PyPI supply chain attack.
+    In March 2026, a supply chain attack was discovered involving the popular open-source LLM framework LiteLLM by Threat Actor TeamPCP.
+    The malicious package harvests every credential on the system, encrypts and exfiltrates them, and installs a persistent C2 backdoor.
+references:
+    - https://novasky.io/hunts/hunting-litellm-supply-chain
+    - https://www.virustotal.com/gui/file/71e35aef03099cd1f2d6446734273025a163597de93912df321ef118bf135238/
+    - https://huskyhacks.io/posts/litellm-cred-stealer/
+    - https://www.wiz.io/blog/threes-a-crowd-teampcp-trojanizes-litellm-in-continuation-of-campaign
+author: Swachchhanda Shrawan Poudel (Nextron Systems)
+date: 2026-03-30
+tags:
+    - attack.persistence
+    - attack.privilege-escalation
+    - attack.t1543.002
+    - attack.initial-access
+    - attack.t1195.002
+    - detection.emerging-threats
+logsource:
+    category: file_event
+    product: linux
+detection:
+    selection:
+        Image|contains: '/python3'
+        TargetFilename|endswith:
+            - '/.config/sysmon/sysmon.py'
+            - '/.config/systemd/user/sysmon.service'
+    condition: selection
+falsepositives:
+    - Unknown
+level: high

rules-emerging-threats/2026/TA/TeamPCP/proc_creation_lnx_teampcp_litellm_supply_chain_attack_indicators.yml

@@ -0,0 +1,54 @@
+title: LiteLLM / TeamPCP Supply Chain Attack Indicators
+id: 36603778-030c-43c4-8cbb-cd3c1d1a80c7
+status: experimental
+description: |
+    Detects process executions related to the backdoored versions of LiteLLM (v1.82.7 or v1.82.8).
+    In March 2026, a supply chain attack was discovered involving the popular open-source LLM framework LiteLLM by Threat Actor TeamPCP.
+    The malicious package harvests every credential on the system, encrypts and exfiltrates them, and installs a persistent C2 backdoor.
+references:
+    - https://novasky.io/hunts/hunting-litellm-supply-chain
+    - https://www.virustotal.com/gui/file/71e35aef03099cd1f2d6446734273025a163597de93912df321ef118bf135238/
+    - https://huskyhacks.io/posts/litellm-cred-stealer/
+    - https://www.wiz.io/blog/threes-a-crowd-teampcp-trojanizes-litellm-in-continuation-of-campaign
+author: Swachchhanda Shrawan Poudel (Nextron Systems)
+date: 2026-03-30
+tags:
+    - attack.initial-access
+    - attack.t1195.002
+    - attack.collection
+    - attack.t1560.001
+    - attack.persistence
+    - attack.privilege-escalation
+    - attack.t1543.002
+    - detection.emerging-threats
+logsource:
+    category: process_creation
+    product: linux
+detection:
+    selection_pth_package:
+        # Execution of .pth file
+        Image|contains: '/python3'
+        CommandLine|contains|all:
+            - "exec(base64.b64decode('aW1wb3J0"
+            - "kI2NF9TQ1JJUFQgPSAiYV"
+    selection_tar:
+        Image|endswith: '/tar'
+        CommandLine|contains|all:
+            - 'tpcp.tar.gz'
+            - 'payload.enc'
+            - 'session.key.enc'
+    selection_curl:
+        Image|endswith: '/curl'
+        CommandLine|contains|all:
+            - 'models.litellm.cloud'
+            - 'X-Filename: tpcp.tar.gz'
+    selection_sysmon_service:
+        ParentImage|contains: '/python3'
+        CommandLine|contains|all:
+            - 'systemctl'
+            - '--user'
+            - 'sysmon'
+    condition: 1 of selection_*
+falsepositives:
+    - Unknown
+level: high