ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool Gray Lambert

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Gray Lambert

NamesGray Lambert
CategoryMalware
TypeBackdoor
Description(Kaspersky) Gray Lambert is the most recent tool in the Lamberts’ arsenal. It is a network-driven backdoor, similar in functionality to White Lambert. Unlike White Lambert, which runs in kernel mode, Gray Lambert is a user-mode implant. The compilation and coding style of Gray Lambert is similar to the Pink Lambert USB stealers. Gray Lambert initially appeared on the computers of victims infected by White Lambert, which could suggest the authors were upgrading White Lambert infections to Gray. This migration activity was last observed in October 2016.

Some of the known filenames for Gray Lambert are mwapi32.dll and poolstr.dll – it should be pointed though that the filenames used by the Lamberts are generally unique and have never been used twice.
Information<https://securelist.com/unraveling-the-lamberts-toolkit/77990/>

Last change to this tool card: 20 April 2020

Download this tool card in JSON format

All groups using tool Gray Lambert

ChangedNameCountryObserved

APT groups

     ↳ Subgroup: Longhorn, The LambertsUSA2009 

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]