TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM
===============================================================

| IoC | Description | Detection name/Solution |
| --- | --- | --- |
| 7321caa303fe96ded0492c747d2f353c4f7d17185656fe292ab0a59e2bd0b8d9 | telnyx==4.87.1 (malicious package) | Trojan.Python.TPCPSTEAL.A |
| cd08115806662469bbedec4b03f8427b97c8a4b3bc1442dc18b72b4e19395fe3 | telnyx==4.87.2 (malicious package) | Trojan.Python.TPCPSTEAL.A |
| 23b1ec58649170650110ecad96e5a9490d98146e105226a16d898fbe108139e5 | telnyx/_client.py | Trojan.Python.TPCPSTEAL.B |
| ab4c4aebb52027bf3d2f6b2dcef593a1a2cff415774ea4711f7d6e0aa1451d4e | telnyx/_client.py | Trojan.Python.TPCPSTEAL.B |
| hxxps[://]83[.]142[.]209[.]203:8080 | Data exfiltration endpoint | 91 - C&C server |
| hxxps[://]83[.]142[.]209[.]203:8080/hangup[.]wav | Payload delivery | 79 - Disease Vector |
| hxxps[://]83[.]142[.]209[.]203:8080/ringtone[.]wav | Payload delivery | 79 - Disease Vector |
| %APPDATA%\Microsoft\Windows\StartMenu\Programs\Startup\msbuild.exe | Path of decoded Windows payload from .wav file | |
| %APPDATA%\Microsoft\Windows\StartMenu\Programs\Startup\msbuild.exe.lock | Path of anti-replay mechanism file | |