Pulse name: TeamTNT Delivers Malware With New Detection Evasion Tool
WHITE TeamTNT AlienVault 2020-12-02 Modified: 2021-01-27
33 IOCs, MEDIUM VOLUME
AT&T Alien Labs has identified a new tool from the TeamTNT adversary group, which has previously been observed targeting exposed Docker infrastructure for cryptocurrency mining and credential theft. The group is using a new detection evasion tool copied from open source repositories.
MITRE ATT&CK & Malware Families
Malware families: libprocesshider
Indicators of Compromise (11 / 33 total)