# ThreatNeedle > Tipo: **malware** · S0665 · [MITRE ATT&CK](https://attack.mitre.org/software/S0665) ## Descrição [[s0665-threatneedle|ThreatNeedle]] é um backdoor utilizado pelo [[g0032-lazarus-group|Lazarus Group]] desde pelo menos 2019 para atacar organizações de criptomoedas, defesa e jogos mobile. É considerado um cluster avançado da família de malware Manuscrypt (também conhecido como NukeSped) do [[g0032-lazarus-group|Lazarus Group]]. **Plataformas:** Windows ## Técnicas Utilizadas - [[t1547-001-registry-run-keys-startup-folder|T1547.001 - Registry Run Keys / Startup Folder]] - [[t1204-002-malicious-file|T1204.002 - Malicious File]] - [[t1543-003-windows-service|T1543.003 - Windows Service]] - [[t1105-ingress-tool-transfer|T1105 - Ingress Tool Transfer]] - [[t1082-system-information-discovery|T1082 - System Information Discovery]] - [[t1083-file-and-directory-discovery|T1083 - File and Directory Discovery]] - [[t1027-015-compression|T1027.015 - Compression]] - [[t1005-data-from-local-system|T1005 - Data from Local System]] - [[t1027-013-encryptedencoded-file|T1027.013 - Encrypted/Encoded File]] - [[t1027-011-fileless-storage|T1027.011 - Fileless Storage]] - [[t1112-modify-registry|T1112 - Modify Registry]] - [[t1140-deobfuscatedecode-files-or-information|T1140 - Deobfuscaté/Decode Files or Information]] - [[t1566-001-spearphishing-attachment|T1566.001 - Spearphishing Attachment]] - [[t1036-005-match-legitimate-resource-name-or-location|T1036.005 - Match Legitimaté Resource Name or Location]] ## Grupos que Usam - [[g0032-lazarus-group|Lazarus Group]] ## Referências - [MITRE ATT&CK - S0665](https://attack.mitre.org/software/S0665)