add TeamTNT

This commit is contained in:
Delta-Sierra 2021-02-22 16:38:18 +01:00
parent 96bf0d44ea
commit 7c1ac58141

View file

@ -8455,6 +8455,23 @@
},
"uuid": "2ee5ed7a-c4d0-40be-a837-20817474a15b",
"value": "UNC2452"
},
{
"description": "In early Febuary, 2021 TeamTNT launched a new campaign against Docker and Kubernetes environments. Using a collection of container images that are hosted in Docker Hub, the attackers are targeting misconfigured docker daemons, Kubeflow dashboards, and Weave Scope, exploiting these environments in order to steal cloud credentials, open backdoors, mine cryptocurrency, and launch a worm that is looking for the next victim.\nThey're linked to the First Crypto-Mining Worm to Steal AWS Credentials and Hildegard Cryptojacking malware.\nTeamTNT is a relatively recent addition to a growing number of threats targeting the cloud. While they employ some of the same tactics as similar groups, TeamTNT stands out with their social media presence and penchant for self-promotion. Tweets from the TeamTNTs account are in both English and German although it is unknown if they are located in Germany.",
"meta": {
"refs": [
"https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/",
"https://malpedia.caad.fkie.fraunhofer.de/details/elf.teamtnt",
"https://blog.aquasec.com/teamtnt-campaign-against-docker-kubernetes-environment",
"https://cybersecurity.att.com/blogs/labs-research/teamtnt-delivers-malware-with-new-detection-evasion-tool",
"https://www.cadosecurity.com/post/team-tnt-the-first-crypto-mining-worm-to-steal-aws-credentials",
"https://www.intezer.com/blog/cloud-security/top-linux-cloud-threats-of-2020/",
"https://www.trendmicro.com/en_us/research/20/l/teamtnt-now-deploying-ddos-capable-irc-bot-tntbotinger.html",
"https://cyware.com/news/hildegard-teamtnts-new-feature-rich-malware-targeting-kubernetes-6587eb45?utm_content=154419915&utm_medium=social&utm_source=twitter&hss_channel=tw-23713770"
]
},
"uuid": "27de6a09-844b-4dcb-9ff9-7292aad826ba",
"value": "TeamTNT"
}
],
"version": 198