{ "type": "bundle", "id": "bundle--48d71235-3262-4c60-bc83-df921a9d0ca2", "spec_version": "2.0", "objects": [ { "modified": "2023-03-26T20:18:23.760Z", "name": "ThreatNeedle", "description": "[ThreatNeedle](https://attack.mitre.org/software/S0665) is a backdoor that has been used by [Lazarus Group](https://attack.mitre.org/groups/G0032) since at least 2019 to target cryptocurrency, defense, and mobile gaming organizations. It is considered to be an advanced cluster of [Lazarus Group](https://attack.mitre.org/groups/G0032)'s Manuscrypt (a.k.a. NukeSped) malware family.(Citation: Kaspersky ThreatNeedle Feb 2021)", "x_mitre_platforms": [ "Windows" ], "x_mitre_deprecated": false, "x_mitre_domains": [ "enterprise-attack" ], "x_mitre_version": "1.1", "x_mitre_aliases": [ "ThreatNeedle" ], "type": "malware", "id": "malware--16040b1c-ed28-4850-9d8f-bb8b81c42092", "created": "2021-11-30T15:46:36.159Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0665", "external_id": "S0665" }, { "source_name": "Kaspersky ThreatNeedle Feb 2021", "description": "Vyacheslav Kopeytsev and Seongsu Park. (2021, February 25). Lazarus targets defense industry with ThreatNeedle. Retrieved October 27, 2021.", "url": "https://securelist.com/lazarus-threatneedle/100803/" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "labels": [ "malware" ], "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] }