Tools and methods
For much of TeamTNT’s activity, credential theft is typically among the group’s objectives, if not the main one. The group uses a variety of methods in its credential-gathering routines. To focus on its primary targets for credential theft, TeamTNT uses its own scripts, which contain functions designed to look for credentials of particular services and software. It also implements persistence mechanisms in some of its campaigns, as in its SSH credential theft campaign, in which it creates local users and ensures that selected users are reachable over SSH in order to maintain access post-compromise.
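The SSH persistence pattern described above (a local account is created, then made reachable over SSH) as an added detection example, not code from the original article or from TeamTNT’s tooling: it correlates account creation with later SSH logins in constructed Debian-style auth.log lines and checks whether an sshd_config AllowUsers entry lists a newly created account. The log lines, user names, addresses and config text are constructed samples.

```python
import re

# Constructed sample auth.log lines (not taken from any real incident).
SAMPLE_AUTH_LOG = """\
Mar 10 02:11:04 host useradd[4102]: new user: name=sysupd, UID=1003, GID=1003, home=/home/sysupd, shell=/bin/bash
Mar 10 02:11:05 host sshd[4110]: Accepted password for sysupd from 203.0.113.5 port 51234 ssh2
Mar 10 03:20:00 host sshd[4200]: Accepted publickey for alice from 192.0.2.7 port 40000 ssh2
"""

# Constructed sshd_config fragment: a comment plus an AllowUsers line.
SAMPLE_SSHD_CONFIG = """\
# AllowUsers is often edited to admit a newly created account
AllowUsers alice sysupd
PasswordAuthentication yes
"""

USERADD_RE = re.compile(r"useradd\[\d+\]: new user: name=(?P<user>[^,]+), UID=(?P<uid>\d+)")
SSH_ACCEPT_RE = re.compile(r"sshd\[\d+\]: Accepted \w+ for (?P<user>\S+) from (?P<src>\S+)")


def find_new_user_ssh_logins(log_text):
    """Return (user, uid, source) for each account that was created locally and
    then accepted over SSH later in the same log; 'alice' never triggers because
    no useradd event precedes her login."""
    created = {}
    hits = []
    for line in log_text.splitlines():
        m = USERADD_RE.search(line)
        if m:
            created[m["user"]] = int(m["uid"])
            continue
        m = SSH_ACCEPT_RE.search(line)
        if m and m["user"] in created:
            hits.append((m["user"], created[m["user"]], m["src"]))
    return hits


def allowed_new_users(sshd_config_text, created_users):
    """Names on an sshd_config AllowUsers line that are also newly created users.
    Plain user names only; user@host patterns are left as-is and will not match."""
    allowed = set()
    for line in sshd_config_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if line.lower().startswith("allowusers"):
            allowed.update(line.split()[1:])
    return sorted(allowed & set(created_users))


if __name__ == "__main__":
    logins = find_new_user_ssh_logins(SAMPLE_AUTH_LOG)
    print("new local users seen logging in over SSH:", logins)
    print("new users admitted by AllowUsers:", allowed_new_users(SAMPLE_SSHD_CONFIG, [u for u, _, _ in logins]))
```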
TeamTNT also makes extensive use of backdoors and rootkits. Among the more notable tools used by the group is Diamorphine, an open-source rootkit with a range of functions designed to hide the presence of the group’s malicious cryptocurrency mining.
IRC bots have featured heavily in TeamTNT’s campaigns. The group typically uses them for command-and-control operations, specifically to send commands to infected clients. These bots have evolved and gained new capabilities, such as the ability to download binaries or encrypt strings.
Figure 2. The variations of TeamTNT’s IRC bot
The group’s payloads also carry their own functionality. In the competition for limited resources, for example, some of TeamTNT’s cryptocurrency miners can detect and neutralize competing malware such as Kinsing. Some payloads were relatively simple in early implementations, but they eventually evolved into more sophisticated forms with obfuscation and persistence mechanisms.