ThreatNeedle

Description

(Kaspersky) Upon opening a malicious document and allowing the macro, the malware is dropped and proceeds to a multistage deployment procedure. The malware used in this campaign belongs to a known malware cluster we named ThreatNeedle. We attribute this malware family to the advanced version of Manuscrypt (a.k.a. NukeSped), a family belonging to the Lazarus group. We previously observed the Lazarus group utilizing this cluster when attacking cryptocurrency businesses and a mobile game company. Although the malware involved and the entire infection process is known and has not changed dramatically compared to previous findings, the Lazarus group continued using ThreatNeedle malware aggressively in this campaign.

Names

Name
ThreatNeedle
DRATzarus

Type

Reconnaissance
Backdoor
Info stealer
Downloader

Information

https://ics-cert.kaspersky.com/media/Kaspersky-ICS-CERT-Lazarus-targets-defense-industry-with-Threatneedle-En.pdf

Mitre Attack

https://attack.mitre.org/software/S0665/

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.dratzarus

Other Information

Uuid

ee9fefb9-5621-47c4-b035-26aa2f936ad9

Last Card Change

2023-10-13

Threat Intelligence Garden

Explorer

ThreatNeedle

ThreatNeedle

Description

Names

Category

Type

Information

Mitre Attack

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks