[Intel]: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

[timb-machine]

Area

Malware reports

Parent threat

Reconnaissance, Initial Access, Execution, Persistence, Defense Evasion, Credential Access, Discovery, Command and Control, Impact

Finding

https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Industry reference

attack:T1525:Implant Internal Image
attack:T1595:Active Scanning
attack:T1496:Resource Hijacking
attack:T1613:Container and Resource Discovery
attack:T1190:Exploit Public-Facing Application
attack:T1059:Command and Scripting Interpreter
attack:T1610:Deploy Container
attack:T1222:File and Directory Permissions Modification
attack:T1036:Masquerading
attack:T1132:Data Encoding
attack:T1552.005:Cloud Instance Metadata API
attack:T1082:System Information Discovery
attack:T1071.001:Web Protocols
attack:T1090.003:Multi-hop Proxy

Malware reference

Tsunami

Actor reference

TeamTNT

Component

Linux

Scenario

No response