durabletask: TeamPCP's Latest PyPI Compromise

Discover the latest on malicious versions of the PyPI package durabletask, matching TeamPCP tactics.

The supply chain campaign linked to TeamPCP continues with the compromise of durabletask v1.4.1, v1.4.2, and v1.4.3. DurableTask is the official Microsoft Python client for the Durable Task workflow execution framework.

The payload is a slight evolution of the one previously deployed in the compromise of the guardrails-ai package on May 11th.

| Attribute | transformers.pyz v2 | durabletask v1.4.1 | durabletask v1.4.2 | durabletask v1.4.3 |
|---|---|---|---|---|
| Status | Malware payload | Compromised | Compromised | Compromised |
| C2 Domain | 83.142.209.194 | check.git-service.com | check.git-service.com | check.git-service.com |
| Backup C2 | - | t.m-kosche.com | t.m-kosche.com | t.m-kosche.com |
| Payload | transformers.pyz | rope.pyz | rope.pyz | rope.pyz |
| Injection Points | `__init__.py` | `__init__.py` | `task.py` | `entities/__init__.py`, `extensions/__init__.py`, `payload/__init__.py` |
| Target OS | Linux | Linux | Linux | Linux |
| Credential Stealing | AWS, Azure, GCP, K8s, Vault, Filesystem, Passwords | Yes (inherited) | Yes (inherited) | Yes (inherited) |
| AWS SSM Propagation | No | Yes | Yes | Yes |
| K8s Lateral Movement | No | Yes | Yes | Yes |
| Password Manager Bruteforce | No | Yes (Bitwarden, 1Password, GPG) | Yes (Bitwarden, 1Password, GPG) | Yes (Bitwarden, 1Password, GPG) |
| History Scraping | No | Yes (.bash_history, .zsh_history) | Yes | Yes |
| Propagation Limit | - | 5 targets/host | 5 targets/host | 5 targets/host |
| Infection Marker | - | ~/.cache/.sys-update-check | ~/.cache/.sys-update-check | ~/.cache/.sys-update-check |
| RSA Key | Key A | Key B (new) | Key B (new) | Key B (new) |
| SSL Verification | Disabled | Enabled | Enabled | Enabled |

What steps should security teams take?

Wiz customers should refer to the Wiz Threat Intelligence Center Advisory on this incident.

  1. Immediately identify exposure: Search lockfiles and CI logs for durabletask versions 1.4.1, 1.4.2, or 1.4.3. Look for /tmp/managed.pyz or /tmp/rope-*.pyz on Linux systems.

  2. Check for persistence: Search for the infection marker ~/.cache/.sys-update-check (AWS/general) and ~/.cache/.sys-update-check-k8s (Kubernetes) on affected systems. Presence confirms payload execution. Check for running python3 /tmp/managed.pyz processes.

  3. Rotate all credentials: If exposure is suspected, rotate AWS credentials (especially IAM User credentials), Azure credentials, GCP service accounts, Kubernetes service accounts, Vault tokens, and any passwords stored in Bitwarden, 1Password, or pass/gopass. Assume shell history (.bash_history, .zsh_history) was exfiltrated.

  4. Audit AWS SSM and Kubernetes: Check CloudTrail for SSM:SendCommand and SSM:DescribeInstanceInformation calls from compromised instances. Review Kubernetes audit logs for unexpected kubectl exec activity. The worm propagates to up to 5 targets per infected host.

  5. Check password manager sessions: Review Bitwarden (bw) and 1Password (op) CLI usage. The payload attempts brute-force unlock using harvested passwords from environment variables and shell history.

  6. Block C2 infrastructure: Block check.git-service.com and t.m-kosche.com at the DNS/proxy level. Block outbound connections to the exfil endpoints /v1/models, /audio.mp3, and /api/public/version.
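As an added illustration of steps 1 and 2 (this is example code, not tooling from Wiz or the advisory), the script below scans dependency files for the three compromised durabletask releases and checks a host for the runtime indicators named above. It assumes dependency files are pip requirements or TOML lockfiles (poetry.lock, uv.lock) and that `ps -eo args` is available for the process check; the `ROOT`/`HOME_DIR` arguments are an assumption so the same checks can be pointed at a mounted image.

```shell
#!/bin/sh
# Added triage helper for steps 1 and 2 of the advisory. Illustrative only, not
# Wiz tooling. Assumptions: dependency files are pip requirements or TOML lockfiles
# (poetry.lock / uv.lock), and `ps -eo args` is available for the process check.

# Return 0 if FILE references durabletask 1.4.1, 1.4.2 or 1.4.3.
# Matches one-line pins ("durabletask==1.4.2", wheel filenames) and TOML lock entries
# where name and version sit on separate lines under one [[package]] table.
lockfile_has_bad_durabletask() {
    awk '
        { line = tolower($0) }
        line ~ /durabletask[=~<>! -]*1\.4\.[123]([^0-9]|$)/ { found = 1 }
        line ~ /^name *= *"durabletask"/ { pending = 1; next }
        pending && line ~ /^version *= *"1\.4\.[123]"/ { found = 1 }
        line ~ /^\[\[/ { pending = 0 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Print each runtime indicator from the advisory that exists under ROOT (arg 1,
# default /) and HOME_DIR (arg 2, default $HOME); return 0 if at least one was found.
runtime_indicators_present() {
    root="${1:-}"
    home="${2:-$HOME}"
    hits=0
    for p in "$root/tmp/managed.pyz" \
             "$root"/tmp/rope-*.pyz \
             "$home/.cache/.sys-update-check" \
             "$home/.cache/.sys-update-check-k8s" \
             "$root/tmp/.rope_state/ssm_instances.json"; do
        if [ -e "$p" ]; then
            echo "FOUND: $p"
            hits=$((hits + 1))
        fi
    done
    # A live interpreter still running the staged payload. The backslash keeps the
    # grep process's own command line from matching itself.
    if ps -eo args 2>/dev/null | grep -q 'python3 /tmp/managed\.pyz'; then
        echo "FOUND: running process 'python3 /tmp/managed.pyz'"
        hits=$((hits + 1))
    fi
    [ "$hits" -gt 0 ]
}

# Usage: sh durabletask-triage.sh requirements.txt poetry.lock ...
for f in "$@"; do
    if lockfile_has_bad_durabletask "$f"; then
        echo "EXPOSED: $f references a compromised durabletask release"
    fi
done
runtime_indicators_present "" "$HOME" || echo "no runtime indicators found on this host"
```

Run it on every build runner and developer machine that resolved durabletask during the affected window, passing each lockfile or requirements file as an argument; the runtime check also covers the `/tmp/.rope_state/ssm_instances.json` state file from the runtime indicator list, since its presence means the SSM propagation code ran. On minimal container images without procps, drop the `ps` branch and inspect `/proc/*/cmdline` instead.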

For longer-term hardening guidance, Wiz has developed:

Indicators of compromise

| File | Hash |
|---|---|
| rope.pyz | 069ac1dc7f7649b76bc72a11ac700f373804bfd81dab7e561157b703999f44ce |
| durabletask-1.4.1-py3-none-any.whl | 7d80b3ef74ad7992b93c31966962612e4e2ceb93e7727cdbd1d2a9af47d44ba8 |
| durabletask-1.4.2-py3-none-any.whl | aeaf583e20347bf850e2fabdcd6f4982996ba023f8c2cd56bbd299cfd56516f5 |
| durabletask-1.4.3-py3-none-any.whl | 877ff2531a63393c4cb9c3c86908b62d9c4fc3db971bc231c48537faae6cb3ec |

Network Indicators

| Type | Indicator |
|---|---|
| C2 Domain (Primary) | check.git-service.com |
| C2 Domain (Secondary) | t.m-kosche.com |
| Payload URL | https://check.git-service[.]com/rope.pyz |
| Payload URL (Backup) | https://t.m-kosche[.]com/rope.pyz |
| Killswitch/Command Endpoint | /v1/models |
| Wipe Audio (Israel/Iran only) | /audio.mp3 |
| Exfil Endpoint | /api/public/version |
| Legacy C2 IP | 83.142.209.194 |

Runtime Indicators

| Type | Indicator |
|---|---|
| Downloaded Payload | /tmp/managed.pyz |
| Downloaded Payload | /tmp/rope-*.pyz |
| Infection Marker (General) | ~/.cache/.sys-update-check |
| Infection Marker (Kubernetes) | ~/.cache/.sys-update-check-k8s |
| SSM State File | /tmp/.rope_state/ssm_instances.json |
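As an added example (not part of the advisory or Wiz's tooling), the matcher below turns the file-hash and network tables into checks: it looks a digest up against the listed hashes, hashes files on disk, and tags proxy-log lines that reach the C2 hosts by which endpoint they used. The log format is a constructed, assumed "time host method url status" line, and the sample log is fabricated for offline use; real proxy or DNS logs need their own field handling. Matching is keyed on the C2 host rather than the bare path, because /v1/models is also a common path on legitimate model-serving APIs and would otherwise generate noise.

```shell
#!/bin/sh
# Added IoC matcher for the tables above. Illustrative only, not Wiz tooling.
# The proxy-log format below is a constructed, assumed "time host method url status"
# line; real logs need their own field handling. Hashes are the values listed above.

IOC_HASHES='069ac1dc7f7649b76bc72a11ac700f373804bfd81dab7e561157b703999f44ce rope.pyz
7d80b3ef74ad7992b93c31966962612e4e2ceb93e7727cdbd1d2a9af47d44ba8 durabletask-1.4.1-py3-none-any.whl
aeaf583e20347bf850e2fabdcd6f4982996ba023f8c2cd56bbd299cfd56516f5 durabletask-1.4.2-py3-none-any.whl
877ff2531a63393c4cb9c3c86908b62d9c4fc3db971bc231c48537faae6cb3ec durabletask-1.4.3-py3-none-any.whl'

# Print the artefact name and return 0 if HASH (hex, any case) is a listed IoC.
hash_is_known_bad() {
    h=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    printf '%s\n' "$IOC_HASHES" | awk -v h="$h" '
        $1 == h { print $2; found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Hash FILE and look the digest up (sha256sum on Linux, shasum elsewhere).
file_is_known_bad() {
    if command -v sha256sum >/dev/null 2>&1; then
        d=$(sha256sum "$1" | cut -d' ' -f1)
    else
        d=$(shasum -a 256 "$1" | cut -d' ' -f1)
    fi
    hash_is_known_bad "$d"
}

# Print every log line that reaches the C2 hosts, tagged by which endpoint it used,
# and return 0 if any matched. Keyed on the host so the same paths on unrelated
# hosts (e.g. /v1/models on a legitimate model API) are not flagged.
scan_log_for_c2() {
    awk '
        /check\.git-service\.com|t\.m-kosche\.com|83\.142\.209\.194/ {
            tag = "C2-HOST"
            if      ($0 ~ /\/rope\.pyz([^A-Za-z0-9]|$)/)            tag = "PAYLOAD-DOWNLOAD"
            else if ($0 ~ /\/v1\/models([^A-Za-z0-9]|$)/)           tag = "COMMAND-CHANNEL"
            else if ($0 ~ /\/audio\.mp3([^A-Za-z0-9]|$)/)           tag = "WIPE-AUDIO"
            else if ($0 ~ /\/api\/public\/version([^A-Za-z0-9]|$)/) tag = "EXFIL"
            print tag ": " $0
            hits++
        }
        END { exit (hits ? 0 : 1) }' "$1"
}

# Number of C2-related lines in FILE (a simple alert threshold input).
count_c2_hits() {
    scan_log_for_c2 "$1" | wc -l | tr -d ' '
}

# Constructed sample log (not real traffic) so the script runs offline.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
2025-01-01T10:00:01Z build-runner-3 GET https://pypi.org/simple/durabletask/ 200
2025-01-01T10:00:04Z build-runner-3 GET https://check.git-service.com/rope.pyz 200
2025-01-01T10:00:09Z build-runner-3 POST https://check.git-service.com/api/public/version 200
2025-01-01T10:00:10Z build-runner-3 GET https://api.openai.com/v1/models 200
2025-01-01T10:01:00Z build-runner-3 GET https://t.m-kosche.com/v1/models 200
2025-01-01T10:02:00Z build-runner-3 GET http://83.142.209.194/ 404
EOF

scan_log_for_c2 "$SAMPLE_LOG" || echo "no C2 traffic in sample"
echo "hits: $(count_c2_hits "$SAMPLE_LOG")"   # 4
# Usage: sh ioc-match.sh path/to/downloaded.whl /tmp/managed.pyz ...
for f in "$@"; do
    file_is_known_bad "$f" && echo "MATCH: $f is a known malicious artefact"
done
```

The sample log deliberately includes a /v1/models request to an unrelated API host; it is not tagged, while the same path on t.m-kosche.com is reported as the command channel. Pass wheel files from a pip cache or the staged /tmp/managed.pyz and /tmp/rope-*.pyz files as arguments to confirm them against the published hashes.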
