test_scratch / cti-ATT-CK-v13.1 /enterprise-attack /intrusion-set /intrusion-set--35d1b3be-49d4-42f1-aaa6-ef159c880bca.json
{
"type": "bundle",
"id": "bundle--22c4f163-97f7-47f4-8241-4a4f6808b6ac",
"spec_version": "2.0",
"objects": [
{
"modified": "2022-10-19T21:35:03.147Z",
"name": "TeamTNT",
"description": "[TeamTNT](https://attack.mitre.org/groups/G0139) is a threat group that has primarily targeted cloud and containerized environments. The group has been active since at least October 2019 and has mainly focused its efforts on leveraging cloud and container resources to deploy cryptocurrency miners in victim environments.(Citation: Palo Alto Black-T October 2020)(Citation: Lacework TeamTNT May 2021)(Citation: Intezer TeamTNT September 2020)(Citation: Cado Security TeamTNT Worm August 2020)(Citation: Unit 42 Hildegard Malware)(Citation: Trend Micro TeamTNT)(Citation: ATT TeamTNT Chimaera September 2020)(Citation: Aqua TeamTNT August 2020)(Citation: Intezer TeamTNT Explosion September 2021)",
"aliases": [
"TeamTNT"
],
"x_mitre_deprecated": false,
"x_mitre_version": "1.2",
"x_mitre_contributors": [
"Will Thomas, Cyjax",
"Darin Smith, Cisco"
],
"type": "intrusion-set",
"id": "intrusion-set--35d1b3be-49d4-42f1-aaa6-ef159c880bca",
"created": "2021-10-01T01:57:31.229Z",
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"revoked": false,
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://attack.mitre.org/groups/G0139",
"external_id": "G0139"
},
{
"source_name": "ATT TeamTNT Chimaera September 2020",
"description": "AT&T Alien Labs. (2021, September 8). TeamTNT with new campaign aka Chimaera. Retrieved September 22, 2021.",
"url": "https://cybersecurity.att.com/blogs/labs-research/teamtnt-with-new-campaign-aka-chimaera"
},
{
"source_name": "Cado Security TeamTNT Worm August 2020",
"description": "Cado Security. (2020, August 16). Team TNT \u2013 The First Crypto-Mining Worm to Steal AWS Credentials. Retrieved September 22, 2021.",
"url": "https://www.cadosecurity.com/team-tnt-the-first-crypto-mining-worm-to-steal-aws-credentials/"
},
{
"source_name": "Unit 42 Hildegard Malware",
"description": "Chen, J. et al. (2021, February 3). Hildegard: New TeamTNT Cryptojacking Malware Targeting Kubernetes. Retrieved April 5, 2021.",
"url": "https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/"
},
{
"source_name": "Trend Micro TeamTNT",
"description": "Fiser, D. Oliveira, A. (n.d.). Tracking the Activities of TeamTNT A Closer Look at a Cloud-Focused Malicious Actor Group. Retrieved September 22, 2021.",
"url": "https://documents.trendmicro.com/assets/white_papers/wp-tracking-the-activities-of-teamTNT.pdf"
},
{
"source_name": "Intezer TeamTNT September 2020",
"description": "Fishbein, N. (2020, September 8). Attackers Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks. Retrieved September 22, 2021.",
"url": "https://www.intezer.com/blog/cloud-security/attackers-abusing-legitimate-cloud-monitoring-tools-to-conduct-cyber-attacks/"
},
{
"source_name": "Intezer TeamTNT Explosion September 2021",
"description": "Intezer. (2021, September 1). TeamTNT Cryptomining Explosion. Retrieved October 15, 2021.",
"url": "https://www.intezer.com/wp-content/uploads/2021/09/TeamTNT-Cryptomining-Explosion.pdf"
},
{
"source_name": "Aqua TeamTNT August 2020",
"description": "Kol, Roi. Morag, A. (2020, August 25). Deep Analysis of TeamTNT Techniques Using Container Images to Attack. Retrieved September 22, 2021.",
"url": "https://blog.aquasec.com/container-security-tnt-container-attack"
},
{
"source_name": "Palo Alto Black-T October 2020",
"description": "Quist, N. (2020, October 5). Black-T: New Cryptojacking Variant from TeamTNT. Retrieved September 22, 2021.",
"url": "https://unit42.paloaltonetworks.com/black-t-cryptojacking-variant/"
},
{
"source_name": "Lacework TeamTNT May 2021",
"description": "Stroud, J. (2021, May 25). Taking TeamTNT's Docker Images Offline. Retrieved September 22, 2021.",
"url": "https://www.lacework.com/blog/taking-teamtnt-docker-images-offline/"
}
],
"object_marking_refs": [
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
],
"x_mitre_domains": [
"enterprise-attack"
],
"x_mitre_attack_spec_version": "2.1.0",
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
}
]
}