Description
[Green Lambert](https://attack.mitre.org/software/S0690) is a modular backdoor that security researchers assess has been used by an advanced threat group referred to as Longhorn and The Lamberts. First reported in 2017, the Windows variant of [Green Lambert](https://attack.mitre.org/software/S0690) may have been used as early as 2008; a macOS version was uploaded to a multiscanner service in September 2014.(Citation: Kaspersky Lamberts Toolkit April 2017)(Citation: Objective See Green Lambert for OSX Oct 2021)
External References
Techniques Used by This Malware
- T1005 — Data from Local System
- T1016 — System Network Configuration Discovery
- T1027 — Obfuscated Files or Information
- T1036.004 — Masquerade Task or Service
- T1036.005 — Match Legitimate Resource Name or Location
- T1037.004 — RC Scripts
- T1059.004 — Unix Shell
- T1070.004 — File Deletion
- T1071.004 — DNS
- T1082 — System Information Discovery
- T1090 — Proxy
- T1124 — System Time Discovery
- T1140 — Deobfuscate/Decode Files or Information
- T1543.001 — Launch Agent
- T1543.004 — Launch Daemon
- T1546.004 — Unix Shell Configuration Modification
- T1547.015 — Login Items
- T1555.001 — Keychain