Skip to content
Malware family CloudLinux

TeamTNT

TeamTNT is a threat cluster best known for Linux-focused intrusions in cloud and containerized environments, where it has been associated with cryptomining activity and related post-compromise tradecraft.

Profile source: Mallory opens in a new tab

TeamTNT

Family profile

TeamTNT is a threat cluster best known for Linux-focused intrusions in cloud and containerized environments, where it has been associated with cryptomining activity and related post-compromise tradecraft. It is widely referenced in the context of Linux malware operations and is notable for targeting the growing population of Linux workloads in public cloud infrastructure. TeamTNT has been cited among prominent Linux threats observed during the broader rise in Linux-targeting malware.

Available high-confidence reporting in this context links TeamTNT to cryptominer deployment on Linux systems. It is also referenced in ATT&CK-aligned detection material related to exfiltration over alternative protocols, indicating association with tradecraft that may include DNS-based exfiltration behavior. TeamTNT is therefore relevant both as a Linux malware operator and as an example of adversaries whose activity may blend commodity payloads with living-off-the-land techniques.

TeamTNT is commonly discussed alongside Linux behavioral detection challenges because attackers in this space often abuse legitimate administrative tools and services, making simple signature-based detection insufficient unless defenders already possess known malware samples. The threat is especially relevant to defenders monitoring cloud-hosted Linux servers, containers, and other internet-exposed Linux infrastructure.

Capabilities

  • Exfiltration

MITRE ATT&CK

TeamTNT in ATT&CK

1 distinct techniques

Reporting

Research mentioning TeamTNT

We appreciate you

Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.