# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.trendmicro.com/vinfo/hk-en/security/news/virtualization-and-cloud/coinminer-ddos-bot-attack-docker-daemon-ports
# Reference: https://cybersecurity.att.com/blogs/labs-research/teamtnt-delivers-malware-with-new-detection-evasion-tool

kaiserfranz.cc
irc.kaiserfranz.cc
/ziggy_spread

# Reference: https://www.cadosecurity.com/2020/08/17/teamtnt-the-first-crypto-mining-worm-to-steal-aws-credentials/
# Reference: https://www.virustotal.com/gui/file/1aaf7bc48ff75e870db4fe6ec0b3ed9d99876d7e2fb3d5c4613cca92bbb95e1b/detection
# Reference: https://otx.alienvault.com/pulse/5f3aa1e047a40112d69f524d

6z5yegpuwg2j4len.tor2web.su
dockerupdate.anondns.net
sayhi.bplace.net
teamtnt.red
teamtntisback.anondns.net

# Reference: https://otx.alienvault.com/pulse/5f58ff8e319f59c6e46496b1
# Reference: https://www.virustotal.com/gui/file/0742efecbd7af343213a50cc5fd5cd2f8475613cfe6fb51f4296a7ec4533940d/detection

85.214.149.236:443

# Reference: https://techcommunity.microsoft.com/t5/azure-security-center/teamtnt-activity-targets-weave-scope-deployments/ba-p/1645968
# Reference: https://otx.alienvault.com/pulse/5f5925486084399c89bda0ba
# Reference: https://www.virustotal.com/gui/domain/rhuancarlos.inforgeneses.inf.br/detection

rhuancarlos.inforgeneses.inf.br

# Reference: https://unit42.paloaltonetworks.com/black-t-cryptojacking-variant/
# Reference: https://otx.alienvault.com/pulse/5f7b7cfff93fa60ed6fd4ff4

/BLACK-T/setup/
/BLACK-T/beta
/BLACK-T/CleanUpThisBox
/BLACK-T/SetUpTheBLACK-T
/BLACK-T/SystemMod
/SetUpTheBLACK-T
/only_for_stats/dup.php

# Reference: https://twitter.com/r3dbU7z/status/1351256623814205441

sampwn.anondns.net
/SamPwn

# Reference: https://twitter.com/r3dbU7z/status/1350479393135734787
# Reference: https://www.cadosecurity.com/post/botnet-deploys-cloud-and-container-attack-techniques
# Reference: https://otx.alienvault.com/pulse/6007314fbb9b9daf8afc505c

http://45.9.150.36
borg.wtf

# Reference: https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/
# Reference: otx.alienvault.com/pulse/601ad65bb1f0c3f6116d20ab/

123.245.9.147:6667
13.245.9.147:6667
164.68.106.96:6667
62.234.121.105:6667