TeamTNT

MISP
Type:
Unknown
Country:
Unknown
First seen:
Unknown
Details:

In early Febuary, 2021 TeamTNT launched a new campaign against Docker and Kubernetes environments. Using a collection of container images that are hosted in Docker Hub, the attackers are targeting misconfigured docker daemons, Kubeflow dashboards, and Weave Scope, exploiting these environments in order to steal cloud credentials, open backdoors, mine cryptocurrency, and launch a worm that is looking for the next victim.
They're linked to the First Crypto-Mining Worm to Steal AWS Credentials and Hildegard Cryptojacking malware.
TeamTNT is a relatively recent addition to a growing number of threats targeting the cloud. While they employ some of the same tactics as similar groups, TeamTNT stands out with their social media presence and penchant for self-promotion. Tweets from the TeamTNT’s account are in both English and German although it is unknown if they are located in Germany.

MITRE ATT&CK: View on MITRE
Techniques Used (56)
ID ATT&CK Tactics
T1007 System Service Discovery -
T1014 Rootkit -
T1016 System Network Configuration Discovery -
T1021.004 SSH -
T1027.002 Software Packing -
T1027.013 Encrypted/Encoded File -
T1036 Masquerading -
T1036.005 Match Legitimate Resource Name or Location -
T1046 Network Service Discovery -
T1048 Exfiltration Over Alternative Protocol -
T1049 System Network Connections Discovery -
T1057 Process Discovery -
T1059.001 PowerShell -
T1059.003 Windows Command Shell -
T1059.004 Unix Shell -
References (10)
Aliases (105)
Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra Adept Libra
Related Malware (4)
Hildegard
other
LaZagne
tool
MimiPenguin
tool
Peirates
tool
Metadata
ID: 303
Created: 13/01/2026 17:48
Updated: 07/03/2026 04:00