← Back to Actors
TeamTNT
TeamTNT
[TeamTNT](https://attack.mitre.org/groups/G0139) is a threat group that has primarily targeted cloud and containerized environments. The group as been active since at least October 2019 and has mainly focused its efforts on leveraging cloud and container resources to deploy cryptocurrency miners in victim environments.(Citation: Palo Alto Black-T October 2020)(Citation: Lacework TeamTNT May 2021)(Citation: Intezer TeamTNT September 2020)(Citation: Cado Security TeamTNT Worm August 2020)(Citation: Unit 42 Hildegard Malware)(Citation: Trend Micro TeamTNT)(Citation: ATT TeamTNT Chimaera September...
59
Techniques
57
Covered
2
Gaps
97%
Coverage
Coverage57/59
COVERED (57)
T1007System Service Discovery15 det.T1014Rootkit30 det.T1016System Network Configuration Discovery40 det.T1021.004SSH35 det.T1027.002Software Packing2 det.T1027.013Encrypted/Encoded File8 det.T1036Masquerading572 det.T1036.005Match Legitimate Resource Name or Location45 det.T1046Network Service Discovery51 det.T1048Exfiltration Over Alternative Protocol35 det.T1049System Network Connections Discovery22 det.T1057Process Discovery21 det.T1059.001PowerShell372 det.T1059.003Windows Command Shell83 det.T1059.004Unix Shell165 det.T1059.009Cloud API6 det.T1059.013Container CLI/API1 det.T1070.002Clear Linux or Mac System Logs8 det.T1070.003Clear Command History15 det.T1070.004File Deletion43 det.T1071Application Layer Protocol112 det.T1071.001Web Protocols81 det.T1074.001Local Data Staging10 det.T1082System Information Discovery86 det.T1083File and Directory Discovery48 det.T1098.004SSH Authorized Keys13 det.T1102Web Service35 det.T1105Ingress Tool Transfer184 det.T1120Peripheral Device Discovery4 det.T1133External Remote Services74 det.T1136.001Local Account43 det.T1140Deobfuscate/Decode Files or Information58 det.T1204.003Malicious Image10 det.T1219Remote Access Tools42 det.T1222.002Linux and Mac Permissions18 det.T1496.001Compute Hijacking2 det.T1518.001Security Software Discovery10 det.T1543.002Systemd Service13 det.T1543.003Windows Service79 det.T1547.001Registry Run Keys / Startup Folder53 det.T1552.001Credentials In Files61 det.T1552.004Private Keys23 det.T1552.005Cloud Instance Metadata API16 det.T1562.001Disable or Modify Tools316 det.T1562.004Disable or Modify System Firewall48 det.T1583.001Domains62 det.T1587.001Malware10 det.T1595.001Scanning IP Blocks7 det.T1595.002Vulnerability Scanning13 det.T1608.001Upload Malware3 det.T1609Container Administration Command27 det.T1610Deploy Container22 det.T1611Escape to Host45 det.T1613Container and Resource Discovery41 det.T1685Disable or Modify Tools279 det.T1685.006Clear Linux or Mac System Logs4 det.T1686Disable or Modify System Firewall19 det.