TeamTNT
Aliases: None listed
TeamTNT is a threat group that has primarily targeted cloud and containerized environments. The group has been active since at least October 2019 and has mainly focused its efforts on leveraging cloud and container resources to deploy cryptocurrency miners in victim environments.
ATT&CK techniques
T1133 - External Remote Services
T1219 - Remote Access Software
T1569 - System Services
T1036.005 - Match Legitimate Name or Location
T1222.002 - Linux and Mac File and Directory Permissions Modification
T1070.004 - File Deletion
T1609 - Container Administration Command
T1059.004 - Unix Shell
T1547.001 - Registry Run Keys / Startup Folder
T1543.002 - Systemd Service
T1136.001 - Local Account
T1007 - System Service Discovery
T1049 - System Network Connections Discovery
T1562.004 - Disable or Modify System Firewall
T1543.003 - Windows Service
T1608.001 - Upload Malware
T1059.003 - Windows Command Shell
T1610 - Deploy Container
T1613 - Container and Resource Discovery
T1048 - Exfiltration Over Alternative Protocol
T1057 - Process Discovery
T1059.001 - PowerShell
T1552.005 - Cloud Instance Metadata API
T1070.003 - Clear Command History
T1074.001 - Local Data Staging
T1595.002 - Vulnerability Scanning
T1027.002 - Software Packing
T1204.003 - Malicious Image
T1014 - Rootkit
T1552.004 - Private Keys
T1562.001 - Disable or Modify Tools
T1611 - Escape to Host
T1070.002 - Clear Linux or Mac System Logs
T1595.001 - Scanning IP Blocks
T1105 - Ingress Tool Transfer
T1518.001 - Security Software Discovery
T1496.001 - Compute Hijacking
T1083 - File and Directory Discovery
T1021.004 - SSH
T1036 - Masquerading
T1140 - Deobfuscate/Decode Files or Information
T1082 - System Information Discovery
T1027.013 - Encrypted/Encoded File
T1016 - System Network Configuration Discovery
T1046 - Network Service Discovery
T1120 - Peripheral Device Discovery
T1071 - Application Layer Protocol
T1098.004 - SSH Authorized Keys
T1583.001 - Domains
T1059.009 - Cloud API
T1071.001 - Web Protocols
T1552.001 - Credentials In Files
T1587.001 - Malware
T1102 - Web Service