ThreatNeedle (Lazarus)
Attributions are based on open-source threat reports. A family appearing here means at least one syscall record cites it; absence does not imply non-use.
3 syscalls cited
- NtOpenThread
Opens a handle to an existing thread identified by CLIENT_ID with requested access rights.
- NtSetContextThread
Sets the CPU register context of a thread — the kernel primitive behind thread hijacking and shellcode redirection.
- NtQuerySystemInformation
Retrieves a class of system-wide information — process list, kernel handle table, loaded driver list, code-integrity status, and more.