Tntfeatb0rg

Malware Profile Updated 2 months ago
TNTFeatB0RG is malware identified within the "dockgeddon" Docker image, designed to exploit and damage computer systems. Like other malware, it can enter a system through suspicious downloads, emails or websites without the user noticing; once inside, it is capable of stealing personal information, disrupting operations or holding data hostage for ransom.

The sample was obtained by extracting its binary from the Docker image and analysing it with Ghidra, a software reverse engineering tool. The Ghidra analysis revealed IP addresses and domains already known to be associated with TeamTNT, indicating that group's involvement in creating and distributing the malware.

Within the "dockgeddon" image, three harmful utilities were identified: a variant of the Tsunami IRC bot (TNTfeatB0rg), a banner grabbing utility (zgrab), and a spreading utility, init.sh. Together these give the malware its ability to infiltrate, exploit and spread across systems.

TNTFeatB0RG therefore represents a significant threat to computer systems because of its sophisticated design and damaging capabilities. Organizations should ensure robust cybersecurity measures are in place to protect against such threats, and continued analysis and monitoring of this malware will be vital to fully understand its functionality and devise effective countermeasures.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Bot
Docker
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
Dockgeddon | Unspecified | 1 | Dockgeddon is a threat actor identified by Lacework Labs through their Docker API honeypot. The honeypot detected a container image named "dockgeddon" being created from the Megawebmaster account, which is known for its association with TeamTNT utilities. This discovery was made possible through the
TeamTNT | Unspecified | 1 | TeamTNT, a threat actor group known for its malicious activities, has been implicated in a series of sophisticated attacks on Kubernetes, one of the most complex to date. The group is notorious for deploying malware, specifically the Hildegard malware, which was identified during a new campaign. The
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Tntfeatb0rg malware was read from the document corpus below.
Source | Created At | Title
MITRE | a year ago | Taking TeamTNT's Docker Images Offline - Lacework