# [HIGH] Dependency injection in Python **Source:** Snyk **Published:** 2023-10-31 **Article:** https://snyk.io/blog/dependency-injection-python/ ## Threat Profile Snyk Blog In this article Written by Lucien Chemaly October 31, 2023 0 mins read Dependency injection (DI) might sound complex, but it's really just about enhancing your code's flexibility. It's like giving your software a boost to be more adaptable and robust. And because Python is a popular coding language, understanding dependency injection is especially valuable. Think about creating software that's not only good but excellent — easy to adjust, expand, and secure. That's the essence of DI i… ## Indicators of Compromise (high-fidelity only) - _No high-fidelity IOCs in the RSS summary._ If the source publishes a technical write-up with defanged IOCs in the body, those would be picked up automatically on the next pipeline run. ## MITRE ATT&CK Techniques - **T1204.002** — User Execution: Malicious File ## Kill chain phases observed _(none detected from narrative keywords)_ ## Recommended hunts ### Article-specific behavioural hunt — Dependency injection in Python `UC_1346_0` · phase: **exploit** · confidence: **High** **Splunk SPL (CIM):** ```spl ``` Article-specific bespoke detection — Dependency injection in Python ``` | tstats `summariesonly` count earliest(_time) AS firstTime latest(_time) AS lastTime from datamodel=Endpoint.Processes where (Processes.process_name IN ("app.py","manage.py","settings.py","services.py","main.py")) by Processes.dest, Processes.user, Processes.process_name, Processes.process, Processes.parent_process_name, Processes.process_path | `drop_dm_object_name(Processes)` | `security_content_ctime(firstTime)` | append [ | tstats `summariesonly` count from datamodel=Endpoint.Filesystem where Filesystem.action IN ("created","modified") AND (Filesystem.file_name IN ("app.py","manage.py","settings.py","services.py","main.py")) by Filesystem.dest, Filesystem.user, Filesystem.process_name, Filesystem.file_path, Filesystem.file_name | `drop_dm_object_name(Filesystem)` ] ``` **Defender KQL:** ```kql // Article-specific bespoke detection — Dependency injection in Python // Hunts the actual binaries / paths / commandline fragments named // in the article instead of a generic technique-class template. DeviceProcessEvents | where Timestamp > ago(30d) | where (FileName in~ ("app.py", "manage.py", "settings.py", "services.py", "main.py")) | project Timestamp, DeviceName, AccountName, FileName, FolderPath, ProcessCommandLine, InitiatingProcessFileName, InitiatingProcessCommandLine | order by Timestamp desc // File-creation events for the named binaries / paths DeviceFileEvents | where Timestamp > ago(30d) | where ActionType in ("FileCreated","FileModified") | where (FileName in~ ("app.py", "manage.py", "settings.py", "services.py", "main.py")) | project Timestamp, DeviceName, AccountName, FolderPath, FileName, ActionType, InitiatingProcessFileName, InitiatingProcessCommandLine | order by Timestamp desc ``` ## Why this matters Severity classified as **HIGH** based on: 1 use case(s) fired, 1 technique(s) inferred. Read the full article for actor attribution, tooling details, and any defanged IOCs in the body that aren't visible in the RSS summary.