TeamTNT’s Docker Gatling Gun Campaign
ID: 3dd94c79-9bef-51ca-9b08-cdd215dccf72
STIX ID: report--3dd94c79-9bef-51ca-9b08-cdd215dccf72
Feed Name: Aqua Security Blog
TeamTNT is preparing a large-scale, cloud-focused campaign that exploits exposed Docker daemons (ports such as `2375`) and compromised Docker Hub accounts to deploy Sliver implants, worms, and cryptominers. The group appends victims to Docker Swarms, rents or monetizes the compute, and maintains C2 infrastructure (domains and IPs are listed in the report). It uses new tooling (Sliver) alongside legacy capabilities (Tsunami). The report provides multiple IoCs and MITRE ATT&CK mappings.
