TeamTNT Targeting AWS, Alibaba

TeamTNT is actively modifying its scripts after they were made public by security researchers. These scripts primarily target Amazon Web Services, but can also run on on-premises, container, or other forms of Linux instances. The group's payloads include credential stealers and cryptocurrency miners, along with persistence and lateral movement capabilities. TeamTNT scripts are also capable of disabling cloud security tools, such as Alibaba's aegis cloud security agent. The malware author modified these tools after becoming aware that security researchers had published the earlier version of the script. This intelligence is based on information provided by an intelligence partner.

ALTERNATIVES

A tool to embed XXE and XSS payloads in various file formats

Microservice for scanning files with Yara

Find exploits in local and online databases instantly

FSF is a modular, recursive file scanning solution that enables analysts to extend the utility of Yara signatures and define actionable intelligence within a file.

A minimal, consistent API for building integrations with malware sandboxes

A tool that scans a corpus of malware and builds a YARA rule to detect similar code sections.

A Linux process injection tool that injects shellcode into a running process

A multithreaded YARA scanner for incident response or malware zoos.
