Home/ MITRE Matrix/ Persistence/ T1546.018

T1546.018Python Startup Hooks

T1546.018 — Python Startup Hooks is a MITRE ATT&CK technique in the Persistence tactic. Clankerusecase tracks 2 detection use cases covering it and 1 threat-intel article citing it.

PersistencePrivilege Escalation

View on the matrix → Filter Detection Library MITRE official spec ↗

2Use cases

1Articles

0Sub-techniques

2Tactics

↑ Parent technique: T1546 · Event Triggered Execution

Use cases covering this technique (2)

[LLM] Malicious litellm 1.82.7/1.82.8 wheel install drops litellm_init.pth in site-packages Bespoke delivery · alerting DSΣPDDCS [LLM] Python .pth startup hook executes subprocess to curl C2 (litellm fork-bomb pattern) Bespoke install · alerting DSΣPDDCS

Articles citing this technique (1)

crit How a Poisoned Security Scanner Became the Key to Backdooring LiteLLM art-443