TeamTNT Targeting AWS, Alibaba
TeamTNT is actively modifying its scripts after they were made public by security researchers. These scripts primarily target Amazon Web Services, but can also run in on-premise, container, or other forms of Linux instances. The group's payloads include credential stealers, cryptocurrency miners, persistence and lateral movement. TeamTNT scripts are also capable of disabling cloud security tools, such as Alibaba's aegis cloud security agent. The malware author modified these tools after they became aware that security researchers published the earlier version of the script. This intelligence is based on information provided by an intelligence partner.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
angr is a Python 3 library for binary analysis with various capabilities like symbolic execution and decompilation.
Python wrapper for Android APK decompilation with various converter and decompiler options.
A PowerShell obfuscation detection framework designed to highlight the limitations of signature-based detection and provide a scalable means of detecting known and unknown obfuscation techniques.
PINCE is a front-end/reverse engineering tool for the GNU Project Debugger (GDB), focused on games, with CheatEngine-like value type support and memory searching capabilities.
Ropper is a tool for analyzing binary files and searching for gadgets to build rop chains for different architectures.
A collection of Yara rules for detecting malware evasion techniques
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.