{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/pytorch-foundation/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["macOS","Python","PyTorch"],"_cs_severities":["medium"],"_cs_tags":["execution","macos","python"],"_cs_type":"advisory","_cs_vendors":["Apple","Python Software Foundation","PyTorch Foundation"],"content_html":"\u003cp\u003eThis detection identifies the initial instance of a Python process spawning a shell on a macOS host. Attackers often leverage Python code execution, gained through malicious scripts, compromised dependencies, or insecure model file deserialization (e.g., pickle/PyTorch \u003ccode\u003e__reduce__\u003c/code\u003e), to spawn shell processes. These shell processes are then used for reconnaissance, credential theft, persistence, or establishing reverse shells. The rule specifically looks for shell invocations using the \u003ccode\u003e-c\u003c/code\u003e flag, which is often used to execute commands directly within the shell. Given that legitimate Python workflows typically avoid using \u003ccode\u003e-c\u003c/code\u003e to execute shell commands, the first appearance of such behavior on a host is a significant indicator of a potential compromise. The rule leverages a 7-day window to establish the first occurrence baseline.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains initial access to a macOS system via methods such as phishing or exploiting a vulnerable service.\u003c/li\u003e\n\u003cli\u003eAttacker uploads or introduces a malicious Python script or compromises an existing Python dependency.\u003c/li\u003e\n\u003cli\u003eThe malicious Python script is executed. This could occur via a user executing the script, a cron job, or a compromised application loading the script.\u003c/li\u003e\n\u003cli\u003eThe Python script uses the \u003ccode\u003esubprocess\u003c/code\u003e module or a similar function to spawn a shell process (e.g., bash, sh, zsh) with the \u003ccode\u003e-c\u003c/code\u003e flag.\u003c/li\u003e\n\u003cli\u003eThe shell executes a command provided by the Python script, such as system reconnaissance (\u003ccode\u003ewhoami\u003c/code\u003e, \u003ccode\u003eifconfig\u003c/code\u003e), credential access (\u003ccode\u003esecurity dump-keychain\u003c/code\u003e), or persistence mechanisms.\u003c/li\u003e\n\u003cli\u003eThe attacker may establish a reverse shell to maintain access to the compromised system.\u003c/li\u003e\n\u003cli\u003eThe attacker performs lateral movement or exfiltrates sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation can lead to a wide range of consequences, including unauthorized access to sensitive data, system compromise, and lateral movement within the network. While specific victim counts or sectors targeted are not provided, the attack could impact any macOS environment where Python is used, particularly those handling sensitive information or running custom Python scripts.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003ePython Shell Spawned with -c\u003c/code\u003e to your SIEM to detect the behavior described in this brief and tune for your environment.\u003c/li\u003e\n\u003cli\u003eEnable Sysmon process creation logging to ensure the \u003ccode\u003eprocess_creation\u003c/code\u003e log category is populated, allowing for accurate detection using the provided Sigma rules.\u003c/li\u003e\n\u003cli\u003eInvestigate any alerts generated by the Sigma rule, focusing on the parent Python process and the executed shell command to understand the context of the activity.\u003c/li\u003e\n\u003cli\u003eImplement \u003ccode\u003eweights_only=True\u003c/code\u003e enforcement for PyTorch model loading across the environment, as referenced in the \u0026quot;https://blog.trailofbits.com/2024/06/11/exploiting-ml-models-with-pickle-file-attacks-part-1/\u0026quot; reference.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-07-02T12:00:00Z","date_published":"2024-07-02T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-07-python-shell-macos/","summary":"This rule detects the first time a Python process spawns a shell on a given macOS host using the `-c` flag, indicating potential malicious activity stemming from compromised Python environments.","title":"First Time Python Spawned a Shell on macOS Host","url":"https://feed.craftedsignal.io/briefs/2024-07-python-shell-macos/"}],"language":"en","title":"CraftedSignal Threat Feed - PyTorch Foundation","version":"https://jsonfeed.org/version/1.1"}