216.73.217.22

TeamTNT

· Published 16/12/2025 19:39 · Modified 27/03/2026 01:13 · Source: The MITRE Corporation

Essential information

Confidence
100/100
Published
16/12/2025 19:39
Modified
27/03/2026 01:13
Updated at
27/03/2026 01:13
Revoked
No
Author / Source
The MITRE Corporation
Resource level
Primary motivation
Related entities
2 reports, 85 attack patterns (mitre), 6 malware, 1 countries, 105 indicators, 3 tool

Description

[TeamTNT](https://attack.mitre.org/groups/G0139) is a threat group that has primarily targeted cloud and containerized environments. The group as been active since at least October 2019 and has mainly focused its efforts on leveraging cloud and container resources to deploy cryptocurrency miners in victim environments.(Citation: Palo Alto Black-T October 2020)(Citation: Lacework TeamTNT May 2021)(Citation: Intezer TeamTNT September 2020)(Citation: Cado Security TeamTNT Worm August 2020)(Citation: Unit 42 Hildegard Malware)(Citation: Trend Micro TeamTNT)(Citation: ATT TeamTNT Chimaera September 2020)(Citation: Aqua TeamTNT August 2020)(Citation: Intezer TeamTNT Explosion September 2021)

Marking (TLP)

TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references

Related entities

Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.

Reports (2)

Attack patterns (MITRE) (85)

Malware (6)

  • Hildegard
  • Tsunami uses
    Family
    Published 14/04/2026 08:54 · Modified 14/04/2026 08:54
  • XMRig uses
    Family
    Published 28/05/2026 10:56 · Modified 28/05/2026 10:56
  • Platypus uses
    Family
    Published 18/12/2024 06:34 · Modified 18/12/2024 06:34
  • Sliver uses
    Family
    Published 12/06/2026 21:29 · Modified 12/06/2026 21:29
  • Black-T

Countries (1)

  • Germany targets

Indicators (105)

Tool (3)

  • LaZagne uses
    The MITRE Corporation Confidence 100

    [LaZagne](https://attack.mitre.org/software/S0349) is a post-exploitation, open-source tool used to recover stored passwords on a system. It has modules for Windows, Linux, and OSX, but is mainly focused on Windows …

    Published 30/01/2019 17:44 · Modified 27/03/2026 01:07
  • MimiPenguin uses
    The MITRE Corporation Confidence 100

    [MimiPenguin](https://attack.mitre.org/software/S0179) is a credential dumper, similar to [Mimikatz](https://attack.mitre.org/software/S0002), designed specifically for Linux platforms. (Citation: MimiPenguin GitHub May 2017)

    Published 16/01/2018 17:13 · Modified 27/03/2026 01:07
  • Peirates uses
    The MITRE Corporation Confidence 100

    [Peirates](https://attack.mitre.org/software/S0683) is a post-exploitation Kubernetes exploitation framework with a focus on gathering service account tokens for lateral movement and privilege escalation. The tool is written in GoLang and …

    Published 08/02/2022 17:11 · Modified 27/03/2026 01:07