ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool Gray Lambert

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Gray Lambert

NamesGray Lambert
CategoryMalware
TypeBackdoor
Description(Kaspersky) Gray Lambert is the most recent tool in the Lamberts’ arsenal. It is a network-driven backdoor, similar in functionality to White Lambert. Unlike White Lambert, which runs in kernel mode, Gray Lambert is a user-mode implant. The compilation and coding style of Gray Lambert is similar to the Pink Lambert USB stealers. Gray Lambert initially appeared on the computers of victims infected by White Lambert, which could suggest the authors were upgrading White Lambert infections to Gray. This migration activity was last observed in October 2016.

Some of the known filenames for Gray Lambert are mwapi32.dll and poolstr.dll – it should be pointed though that the filenames used by the Lamberts are generally unique and have never been used twice.
Information<https://securelist.com/unraveling-the-lamberts-toolkit/77990/>

Last change to this tool card: 20 April 2020

Download this tool card in JSON format

Previous: GRAYFISH
Next: Grease

All groups using tool Gray Lambert

ChangedNameCountryObserved

APT groups

X    ↳ Subgroup: Longhorn, The LambertsUSA2009 

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key