Senior Intelligence Researcher at Anomali, Tara Gould, joins Dave to discuss their team's work on "Inside TeamTNT’s Impressive Arsenal: A Look Into A TeamTNT Server." Anomali Threat Research discovered an open server to a directory listing that they attribute with high confidence to the German-speaking threat group, TeamTNT.The server contains source code, scripts, binaries, and cryptominers targeting Cloud environments.Other server contents include Amazon Web Services (AWS) Credentials stolen from TeamTNT stealers are also hosted on the server.
This inside view of TeamTNT infrastructure and tools in use can help security operations teams to improve detection capabilities for related attacks, whether coming directly from TeamTNT or other cybercrime groups leveraging their tools.
The research can be found here:
Inside TeamTNT’s Impressive Arsenal: A Look Into A TeamTNT Server