Newest TeamTNT IRC Bot Steals AWS and Docker Credentials

Newest TeamTNT IRC Bot Steals AWS and Docker Credentials

Over the past several months, cybercrime group TeamTNT’s internet relay chat (IRC) bot has had its functionality expanded from resource theft for crypto-mining to include the theft of Docker API, Amazon Web Service, and secure shell (SSH) credentials.

Over the past several months, cybercrime group TeamTNT’s internet relay chat (IRC) bot has had its functionality expanded from resource theft for crypto-mining to include the theft of Docker API, Amazon Web Service, and secure shell (SSH) credentials.

Researchers at Cado Security have outlined multiple recent changes in its post-invasion behaviour. The botnet script can now steal credentials from AWS IAM roles, from both files and the AWS metadata URL, which exposes privileged information.

In December, the team at TrendMicro analysed the payload of an ongoing TeamTNT attack and shared that its updated code contained an IRC bot which its authors named ‘TNTbotinger’. Further analysis by the Lacework team indicated that TNTbotinger was malware known as ‘Ziggy StarTux’, which is a variant of Kaiten. The script was first reported in August by Malwarehunterteam (original Tweets since deleted), and appears to have been active since April 2020, compromising a number of Docker and Kubernetes systems.

The malicious scripts have since been equipped with additional functions to ensure the environment has sufficient resources for the mining operation, to hide their operation, and to leave a backdoor for future remote connections.

docker

Bootstrap 5 Complete Course with Examples

Bootstrap 5 Tutorial - Bootstrap 5 Crash Course for Beginners

Nest.JS Tutorial for Beginners

Hello Vue 3: A First Look at Vue 3 and the Composition API

Building a simple Applications with Vue 3

Deno Crash Course: Explore Deno and Create a full REST API with Deno

How to Build a Real-time Chat App with Deno and WebSockets

Convert HTML to Markdown Online

HTML entity encoder decoder Online

Docker Explained: Docker Architecture | Docker Registries

Following the second video about Docker basics, in this video, I explain Docker architecture and explain the different building blocks of the docker engine; docker client, API, Docker Daemon. I also explain what a docker registry is and I finish the video with a demo explaining and illustrating how to use Docker hub.

Docker Architecture Overview & Docker Components [For Beginners]

Docker Architecture Overview & Docker Components. This ultimate guide revolves around the underlying technologies used by Docker Containers to provide effective containerisation services to its users. It explains the entire Docker architecture and its components using intuitive diagrams.

Docker Tutorial for Beginners 8 - Build and Run C++ Applications in a Docker Container

Welcome to this on Docker Tutorial for Beginners. In this video provides an Introduction on C++ development with Docker containers. So we will see How to ship C++ Programs in Docker.

Docker: Installing Docker and Understanding basic docker commands

“Docker: Understanding Docker Architecture and Components”, The First thing we are going to do is to run the “docker run hello-world” command. This command tries to find the “hello-world” image locally and if not found, it then downloads an image from the docker hub and runs the container out of this image.

WordPress in Docker. Part 1: Dockerization

This entry-level guide will tell you why and how to Dockerize your WordPress projects.