
TeamTNT

[TeamTNT](https://attack.mitre.org/groups/G0139) is a threat group that has primarily targeted cloud and containerized environments. The group has been active since at least October 2019 and has mainly focused its efforts on leveraging cloud and container resources to deploy cryptocurrency miners in victim environments.(Citation: Palo Alto Black-T October 2020)(Citation: Lacework TeamTNT May 2021)(Citation: Intezer TeamTNT September 2020)(Citation: Cado Security TeamTNT Worm August 2020)(Citation: Unit 42 Hildegard Malware)(Citation: Trend Micro TeamTNT)(Citation: ATT TeamTNT Chimaera September...

- Techniques: 59
- Covered: 57
- Gaps: 2
- Coverage: 97% (57/59)

COVERED (57)

- T1007 System Service Discovery (15 det.)
- T1014 Rootkit (30 det.)
- T1016 System Network Configuration Discovery (39 det.)
- T1021.004 SSH (34 det.)
- T1027.002 Software Packing (1 det.)
- T1027.013 Encrypted/Encoded File (8 det.)
- T1036 Masquerading (525 det.)
- T1036.005 Match Legitimate Resource Name or Location (44 det.)
- T1046 Network Service Discovery (51 det.)
- T1048 Exfiltration Over Alternative Protocol (34 det.)
- T1049 System Network Connections Discovery (22 det.)
- T1057 Process Discovery (20 det.)
- T1059.001 PowerShell (368 det.)
- T1059.003 Windows Command Shell (82 det.)
- T1059.004 Unix Shell (155 det.)
- T1059.009 Cloud API (6 det.)
- T1059.013 Container CLI/API (1 det.)
- T1070.002 Clear Linux or Mac System Logs (8 det.)
- T1070.003 Clear Command History (15 det.)
- T1070.004 File Deletion (42 det.)
- T1071 Application Layer Protocol (104 det.)
- T1071.001 Web Protocols (80 det.)
- T1074.001 Local Data Staging (10 det.)
- T1082 System Information Discovery (86 det.)
- T1083 File and Directory Discovery (48 det.)
- T1098.004 SSH Authorized Keys (12 det.)
- T1102 Web Service (34 det.)
- T1105 Ingress Tool Transfer (183 det.)
- T1120 Peripheral Device Discovery (4 det.)
- T1133 External Remote Services (72 det.)
- T1136.001 Local Account (43 det.)
- T1140 Deobfuscate/Decode Files or Information (58 det.)
- T1204.003 Malicious Image (10 det.)
- T1219 Remote Access Tools (40 det.)
- T1222.002 Linux and Mac Permissions (18 det.)
- T1496.001 Compute Hijacking (2 det.)
- T1518.001 Security Software Discovery (10 det.)
- T1543.002 Systemd Service (12 det.)
- T1543.003 Windows Service (79 det.)
- T1547.001 Registry Run Keys / Startup Folder (53 det.)
- T1552.001 Credentials In Files (61 det.)
- T1552.004 Private Keys (22 det.)
- T1552.005 Cloud Instance Metadata API (14 det.)
- T1562.001 Disable or Modify Tools (311 det.)
- T1562.004 Disable or Modify System Firewall (48 det.)
- T1583.001 Domains (61 det.)
- T1587.001 Malware (10 det.)
- T1595.001 Scanning IP Blocks (6 det.)
- T1595.002 Vulnerability Scanning (12 det.)
- T1608.001 Upload Malware (3 det.)
- T1609 Container Administration Command (26 det.)
- T1610 Deploy Container (16 det.)
- T1611 Escape to Host (38 det.)
- T1613 Container and Resource Discovery (38 det.)
- T1685 Disable or Modify Tools (278 det.)
- T1685.006 Clear Linux or Mac System Logs (4 det.)
- T1686 Disable or Modify System Firewall (19 det.)