TeamTNT Script Employed to Grab AWS Credentials - Cado Security

TeamTNT script has been employed to target a Confluence vulnerability that grabs AWS credentials including those from ECS. 

Malware using new Ezuri memory loader

Team TNT – The First Crypto-Mining Worm to Steal AWS Credentials - Cado Security

Agile Approach to mass cloud credential harvesting and crypto mining sprints ahead

SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign

AWS Archives - Security Affairs

Learning from AWS Customer Security Incidents [2022] - Speaker Deck

Previously Undiscovered TeamTNT Payload Recently Surfaced - Cado Security

Forensicating Threats in the Cloud - eForensics

Team TNT – The First Crypto-Mining Worm to Steal AWS Credentials - Cado Security