ThreatNeedle

Malware & Tools · ThreatNeedle

· MalwareS0665 · Zararlı Yazılım

Type

malware

Techniques

Used By

1 groups

Platforms

Windows

Description

ThreatNeedle is a backdoor that has been used by Lazarus Group since at least 2019 to target cryptocurrency, defense, and mobile gaming organizations. It is considered to be an advanced cluster of Lazarus Group's Manuscrypt (a.k.a. NukeSped) malware family.(Citation: Kaspersky ThreatNeedle Feb 2021)

Tactic Coverage

stealth (5)persistence (3)discovery (2)privilege escalation (2)collection (1)command and control (1)defense impairment (1)execution (1)initial access (1)

Used By (1 groups)

G0032Lazarus GroupLabyrinth Chollima, HIDDEN COBRA

Techniques (14)

T1005Data from Local System

collection

T1027.011Fileless Storage

stealth

T1027.013Encrypted/Encoded File

stealth

T1027.015Compression

stealth

T1036.005Match Legitimate Resource Name or Location

stealth

T1082System Information Discovery

discovery

T1083File and Directory Discovery

References

https://attack.mitre.org/software/S0665 https://securelist.com/lazarus-threatneedle/100803/