TeamTNT Using WatchDog Operations TTPs in Cryptojacking

Security Alert
Published June 9, 2021

Researchers have identified indicators traditionally attributed to the WatchDog cryptojacking group that have been incorporated into the tactics, techniques and procedures (TTPs) used by the TeamTNT cryptojacking group. While TeamTNT is believed to be the author of these new scripts, since several of them were found in TeamTNT-owned public malware repositories, the absence of TeamTNT's more advanced operational TTPs is puzzling. It appears that TeamTNT may be attempting to expand its cryptojacking operations while masking them as the known cryptojacking operations performed by WatchDog.

ADVERSARY:
MALWARE FAMILIES:
WatchDog
TeamTNT
Black-T
Hildegard – S0601
ATT&CK IDS:
T1574 – Hijack Execution Flow
T1522 – Cloud Instance Metadata API
T1049 – System Network Connections Discovery
T1078.004 – Cloud Accounts
T1526 – Cloud Service Discovery
T1068 – Exploitation for Privilege Escalation
T1496 – Resource Hijacking
T1059.004 – Unix Shell
