ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)

ThreatNeedle is a backdoor that has been used by Lazarus Group since at least 2019 to target cryptocurrency, defense, and mobile gaming organizations. It is considered to be an advanced cluster of Lazarus Group's Manuscrypt (a.k.a. NukeSped) malware family.(Citation: Kaspersky ThreatNeedle Feb 2021)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	1
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3)	Attack Pattern	1
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	1
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	1
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	1
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	1
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	1
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	1
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	1
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	1
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	1
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	1
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	1
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	1
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3)	Attack Pattern	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	2