Names | Purple Lambert
Category | Malware
Type | Backdoor
Description | (Kaspersky) The samples were compiled in 2014 and, accordingly, were likely deployed in 2014 and possibly as late as 2015. Although we have not found any shared code with any other known malware, the samples have intersections of coding patterns, style and techniques that have been seen in various Lambert families. We therefore named this malware Purple Lambert. Purple Lambert is composed of several modules, with its network module passively listening for a magic packet. It is capable of providing an attacker with basic information about the infected system and executing a received payload. Its functionality reminds us of Gray Lambert, another user-mode passive listener. Gray Lambert turned out to be a replacement of the kernel-mode passive-listener White Lambert implant in multiple incidents. In addition, Purple Lambert implements functionality similar to, but in different ways, both Gray Lambert and White Lambert.
Information | <https://securelist.com/apt-trends-report-q1-2021/101967/>
Last change to this tool card: 16 May 2021
Changed | Name | Country | Observed | ||
APT groups | |||||
↳ Subgroup: Longhorn, The Lamberts | 2009 |
1 group listed (1 APT, 0 other, 0 unknown)