SYMBOL | COMMON_NAME | aka. SYNONYMS
elf.teamtnt

TeamTNT


Team TNT has been a well-known threat actor since fall 2019, targeting *nix-based systems and misconfigured Docker container environments. It has continually evolved its capabilities for cloud-based cryptojacking operations and has shifted its focus to compromising Kubernetes clusters.

References
2021-11-03 | Trend Micro | David Fiser, Alfredo Oliveira
TeamTNT Upgrades Arsenal, Refines Focus on Kubernetes and GPU Environments
@online{fiser:20211103:teamtnt:180af48, author = {David Fiser and Alfredo Oliveira}, title = {{TeamTNT Upgrades Arsenal, Refines Focus on Kubernetes and GPU Environments}}, date = {2021-11-03}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_ae/research/21/k/teamtnt-upgrades-arsenal-refines-focus-on-kubernetes-and-gpu-env.html}, language = {English}, urldate = {2021-11-08} }
TeamTNT
2021-10-07 | Uptycs | Siddharth Sharma
Team TNT Deploys Malicious Docker Image On Docker Hub
@online{sharma:20211007:team:50e3c4d, author = {Siddharth Sharma}, title = {{Team TNT Deploys Malicious Docker Image On Docker Hub}}, date = {2021-10-07}, organization = {Uptycs}, url = {https://www.uptycs.com/blog/team-tnt-deploys-malicious-docker-image-on-docker-hub-with-pentesting-tools}, language = {English}, urldate = {2021-10-11} }
TeamTNT
2021-10-06 | Anomali | Tara Gould
Inside TeamTNT’s Impressive Arsenal: A Look Into A TeamTNT Server
@online{gould:20211006:inside:9391014, author = {Tara Gould}, title = {{Inside TeamTNT’s Impressive Arsenal: A Look Into A TeamTNT Server}}, date = {2021-10-06}, organization = {Anomali}, url = {https://www.anomali.com/blog/inside-teamtnts-impressive-arsenal-a-look-into-a-teamtnt-server}, language = {English}, urldate = {2021-10-11} }
TeamTNT
2021-09-14 | Cado Security | Cado Security
TeamTNT Script Employed to Grab AWS Credentials
@online{security:20210914:teamtnt:bdb30cc, author = {Cado Security}, title = {{TeamTNT Script Employed to Grab AWS Credentials}}, date = {2021-09-14}, organization = {Cado Security}, url = {https://www.cadosecurity.com/teamtnt-script-employed-to-grab-aws-credentials/}, language = {English}, urldate = {2021-09-19} }
TeamTNT Tsunami
2021-09-08 | AT&T | Ofer Caspi
TeamTNT with new campaign aka “Chimaera”
@online{caspi:20210908:teamtnt:f9ad39d, author = {Ofer Caspi}, title = {{TeamTNT with new campaign aka “Chimaera”}}, date = {2021-09-08}, organization = {AT&T}, url = {https://cybersecurity.att.com/blogs/labs-research/teamtnt-with-new-campaign-aka-chimaera}, language = {English}, urldate = {2021-09-10} }
TeamTNT
2021-09 | Intezer | Intezer
TeamTNT: Cryptomining Explosion
@techreport{intezer:202109:teamtnt:425ab21, author = {Intezer}, title = {{TeamTNT: Cryptomining Explosion}}, date = {2021-09}, institution = {Intezer}, url = {https://www.intezer.com/wp-content/uploads/2021/09/TeamTNT-Cryptomining-Explosion.pdf}, language = {English}, urldate = {2021-09-19} }
TeamTNT Tsunami
2021-07-20 | Trend Micro | David Fiser, Alfredo Oliveira
Tracking the Activities of TeamTNT: A Closer Look at a Cloud-Focused Malicious Actor Group
@techreport{fiser:20210720:tracking:9085bb7, author = {David Fiser and Alfredo Oliveira}, title = {{Tracking the Activities of TeamTNT: A Closer Look at a Cloud-Focused Malicious Actor Group}}, date = {2021-07-20}, institution = {Trend Micro}, url = {https://documents.trendmicro.com/assets/white_papers/wp-tracking-the-activities-of-teamTNT.pdf}, language = {English}, urldate = {2021-07-26} }
TeamTNT
2021-02-20 | Malpedia | Malpedia
Malpedia Website for Malware Family Team TNT
@online{malpedia:20210220:malpedia:db1282e, author = {Malpedia}, title = {{Malpedia Website for Malware Family Team TNT}}, date = {2021-02-20}, organization = {Malpedia}, url = {https://malpedia.caad.fkie.fraunhofer.de/details/elf.teamtnt}, language = {English}, urldate = {2021-03-12} }
TeamTNT TeamTNT
2021-02-17 | Aquasec | Assaf Morag
Threat Alert: TeamTNT Pwn Campaign Against Docker and K8s Environments
@online{morag:20210217:threat:b99a6f4, author = {Assaf Morag}, title = {{Threat Alert: TeamTNT Pwn Campaign Against Docker and K8s Environments}}, date = {2021-02-17}, organization = {Aquasec}, url = {https://blog.aquasec.com/teamtnt-campaign-against-docker-kubernetes-environment}, language = {English}, urldate = {2021-02-20} }
TeamTNT TeamTNT
2021-02-03 | Palo Alto Networks Unit 42 | Jay Chen, Aviv Sasson, Ariel Zelivansky
Hildegard: New TeamTNT Malware Targeting Kubernetes
@online{chen:20210203:hildegard:f3ca3bc, author = {Jay Chen and Aviv Sasson and Ariel Zelivansky}, title = {{Hildegard: New TeamTNT Malware Targeting Kubernetes}}, date = {2021-02-03}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/}, language = {English}, urldate = {2021-02-04} }
TeamTNT TeamTNT
2021-01-27 | AT&T | Ofer Caspi
TeamTNT delivers malware with new detection evasion tool
@online{caspi:20210127:teamtnt:8ebf267, author = {Ofer Caspi}, title = {{TeamTNT delivers malware with new detection evasion tool}}, date = {2021-01-27}, organization = {AT&T}, url = {https://cybersecurity.att.com/blogs/labs-research/teamtnt-delivers-malware-with-new-detection-evasion-tool}, language = {English}, urldate = {2021-01-27} }
TeamTNT TeamTNT
2021-01-05 | Lacework Labs | Lacework Labs
TeamTNT Builds Botnet from Chinese Cloud Servers
@online{labs:20210105:teamtnt:8508ba0, author = {Lacework Labs}, title = {{TeamTNT Builds Botnet from Chinese Cloud Servers}}, date = {2021-01-05}, organization = {Lacework Labs}, url = {https://www.lacework.com/teamtnt-builds-botnet-from-chinese-cloud-servers/}, language = {English}, urldate = {2021-03-12} }
TeamTNT TNTbotinger TeamTNT
2020-12-21 | Intezer | Intezer
Top Linux Cloud Threats of 2020
@online{intezer:20201221:top:9529707, author = {Intezer}, title = {{Top Linux Cloud Threats of 2020}}, date = {2020-12-21}, organization = {Intezer}, url = {https://www.intezer.com/blog/cloud-security/top-linux-cloud-threats-of-2020/}, language = {English}, urldate = {2020-12-26} }
AgeLocker Anchor_DNS Blackrota Cloud Snooper Dacls Doki FritzFrog IPStorm Kaiji Kinsing NOTROBIN Penquin Turla PLEAD Prometei RansomEXX Stantinko TeamTNT TSCookie WellMail elf.wellmess TeamTNT
2020-08-17 | Cado Security | Chris Doman, James Campbell
Team TNT - The First Crypto-Mining Worm to Steal AWS Credentials
@online{doman:20200817:team:a654242, author = {Chris Doman and James Campbell}, title = {{Team TNT - The First Crypto-Mining Worm to Steal AWS Credentials}}, date = {2020-08-17}, organization = {Cado Security}, url = {https://www.cadosecurity.com/2020/08/17/teamtnt-the-first-crypto-mining-worm-to-steal-aws-credentials/}, language = {English}, urldate = {2020-08-19} }
TeamTNT
2020-08-17 | Cado Security | Chris Doman
Team TNT – The First Crypto-Mining Worm to Steal AWS Credentials
@online{doman:20200817:team:01dd484, author = {Chris Doman}, title = {{Team TNT – The First Crypto-Mining Worm to Steal AWS Credentials}}, date = {2020-08-17}, organization = {Cado Security}, url = {https://www.cadosecurity.com/post/team-tnt-the-first-crypto-mining-worm-to-steal-aws-credentials}, language = {English}, urldate = {2021-03-12} }
TeamTNT TeamTNT

There is no Yara-Signature yet.