Home > List all groups > List all tools > List all groups using tool Purple Lambert

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Purple Lambert

NamesPurple Lambert
Description(Kaspersky) The samples were compiled in 2014 and, accordingly, were likely deployed in 2014 and possibly as late as 2015. Although we have not found any shared code with any other known malware, the samples have intersections of coding patterns, style and techniques that have been seen in various Lambert families. We therefore named this malware Purple Lambert. Purple Lambert is composed of several modules, with its network module passively listening for a magic packet. It is capable of providing an attacker with basic information about the infected system and executing a received payload. Its functionality reminds us of Gray Lambert, another user-mode passive listener. Gray Lambert turned out to be a replacement of the kernel-mode passive-listener White Lambert implant in multiple incidents. In addition, Purple Lambert implements functionality similar to, but in different ways, both Gray Lambert and White Lambert.

Last change to this tool card: 15 May 2021

Download this tool card in JSON format

All groups using tool Purple Lambert


APT groups

     ↳ Subgroup: Longhorn, The LambertsUSA2009 

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
PGP Download PGP key