PULSE NAME
TeamTNT Delivers Malware With New Detection Evasion Tool
WHITE TeamTNT AlienVault 2020-12-02 Modified: 2021-01-27
33 IOCs
MEDIUM VOLUME
AT&T Alien Labs has identified a new tool from the TeamTNT adversary group, which has previously been observed targeting exposed Docker infrastructure for cryptocurrency mining and credential theft. The group is using a new detection evasion tool, copied from open source repositories.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
libprocesshider
Indicators of Compromise (33)