TeamTNT
[TeamTNT](https://attack.mitre.org/groups/G0139) is a threat group that has primarily targeted cloud and containerized environments. The group has been active since at least October 2019 and has mainly focused its efforts on leveraging cloud and container resources to deploy cryptocurrency miners in victim environments.(Citation: Palo Alto Black-T October 2020)(Citation: Lacework TeamTNT May 2021)(Citation: Intezer TeamTNT September 2020)(Citation: Cado Security TeamTNT Worm August 2020)(Citation: Unit 42 Hildegard Malware)(Citation: Trend Micro TeamTNT)(Citation: ATT TeamTNT Chimaera September...
- Techniques: 56
- Covered: 54
- Gaps: 2
- Coverage: 96% (54/56)

COVERED (54)

| Technique | Name | Detections |
|---|---|---|
| T1007 | System Service Discovery | 11 |
| T1014 | Rootkit | 29 |
| T1016 | System Network Configuration Discovery | 35 |
| T1021.004 | SSH | 31 |
| T1027.002 | Software Packing | 1 |
| T1027.013 | Encrypted/Encoded File | 7 |
| T1036 | Masquerading | 493 |
| T1036.005 | Match Legitimate Resource Name or Location | 44 |
| T1046 | Network Service Discovery | 49 |
| T1048 | Exfiltration Over Alternative Protocol | 31 |
| T1049 | System Network Connections Discovery | 21 |
| T1057 | Process Discovery | 18 |
| T1059.001 | PowerShell | 338 |
| T1059.003 | Windows Command Shell | 79 |
| T1059.004 | Unix Shell | 149 |
| T1059.009 | Cloud API | 5 |
| T1059.013 | Container CLI/API | 1 |
| T1070.002 | Clear Linux or Mac System Logs | 8 |
| T1070.003 | Clear Command History | 14 |
| T1070.004 | File Deletion | 40 |
| T1071 | Application Layer Protocol | 100 |
| T1071.001 | Web Protocols | 74 |
| T1074.001 | Local Data Staging | 10 |
| T1082 | System Information Discovery | 80 |
| T1083 | File and Directory Discovery | 48 |
| T1098.004 | SSH Authorized Keys | 12 |
| T1102 | Web Service | 33 |
| T1105 | Ingress Tool Transfer | 170 |
| T1120 | Peripheral Device Discovery | 4 |
| T1133 | External Remote Services | 72 |
| T1136.001 | Local Account | 42 |
| T1140 | Deobfuscate/Decode Files or Information | 55 |
| T1204.003 | Malicious Image | 10 |
| T1219 | Remote Access Tools | 33 |
| T1222.002 | Linux and Mac File and Directory Permissions Modification | 17 |
| T1496.001 | Compute Hijacking | 2 |
| T1518.001 | Security Software Discovery | 8 |
| T1543.002 | Systemd Service | 12 |
| T1543.003 | Windows Service | 79 |
| T1547.001 | Registry Run Keys / Startup Folder | 50 |
| T1552.001 | Credentials In Files | 53 |
| T1552.004 | Private Keys | 20 |
| T1552.005 | Cloud Instance Metadata API | 11 |
| T1562.001 | Disable or Modify Tools | 300 |
| T1562.004 | Disable or Modify System Firewall | 45 |
| T1583.001 | Domains | 61 |
| T1587.001 | Malware | 9 |
| T1595.001 | Scanning IP Blocks | 6 |
| T1595.002 | Vulnerability Scanning | 12 |
| T1608.001 | Upload Malware | 2 |
| T1609 | Container Administration Command | 17 |
| T1610 | Deploy Container | 16 |
| T1611 | Escape to Host | 28 |
| T1613 | Container and Resource Discovery | 30 |