{
	"id": "c6fe1448-7059-48ef-83fb-897975bacf34",
	"created_at": "2026-04-06T00:09:37.904769Z",
	"updated_at": "2026-04-10T03:31:17.743125Z",
	"deleted_at": null,
	"sha1_hash": "c6cd4e657546c84850c981bc38c61b0d50d3ffe3",
	"title": "APT_Digital_Weapon/Lamberts at master · RedDrip7/APT_Digital_Weapon",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 34150,
	"plain_text": "APT_Digital_Weapon/Lamberts at master ·\r\nRedDrip7/APT_Digital_Weapon\r\nBy RedDrip7\r\nArchived: 2026-04-05 22:45:16 UTC\r\nNAME:\r\nLamberts\r\nAlias:\r\nLonghorn，APT-C-39\r\nDescription:\r\nLamberts is an attack group disclosed and named by Symantec. It has been active since at least 2011, and targeted\r\nat least 40 targets by using spying tools and operational protocols detailed in the recent Vault 7 leak. The targets,\r\ncompromised by advanced malware tools and zero-day vulnerabilities, are located in at least 16 countries across\r\nthe Middle East, Europe, Asia, and Africa.\r\nReferences:\r\nhttps://www.symantec.com/connect/blogs/longhorn-tools-used-cyberespionage-group-linked-vault-7\r\nhttp://blogs.360.cn/post/APT-C-39_CIA_EN.html\r\nhttps://ti.qianxin.com/blog/articles/network-weapons-of-cia/\r\nSource: https://github.com/RedDrip7/APT_Digital_Weapon/tree/master/Lamberts\r\nhttps://github.com/RedDrip7/APT_Digital_Weapon/tree/master/Lamberts\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://github.com/RedDrip7/APT_Digital_Weapon/tree/master/Lamberts"
	],
	"report_names": [
		"Lamberts"
	],
	"threat_actors": [
		{
			"id": "e993faab-f941-4561-bd87-7c33d609a4fc",
			"created_at": "2022-10-25T16:07:23.460301Z",
			"updated_at": "2026-04-10T02:00:04.617715Z",
			"deleted_at": null,
			"main_name": "Longhorn",
			"aliases": [
				"APT-C-39",
				"Platinum Terminal",
				"The Lamberts"
			],
			"source_name": "ETDA:Longhorn",
			"tools": [
				"Black Lambert",
				"Blue Lambert",
				"Corentry",
				"Cyan Lambert",
				"Fluxwire",
				"Gray Lambert",
				"Green Lambert",
				"Magenta Lambert",
				"Pink Lambert",
				"Plexor",
				"Purple Lambert",
				"Silver Lambert",
				"Violet Lambert",
				"White Lambert"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "70db80bd-31b7-4581-accb-914cd8252913",
			"created_at": "2023-01-06T13:46:38.57727Z",
			"updated_at": "2026-04-10T02:00:03.028845Z",
			"deleted_at": null,
			"main_name": "Longhorn",
			"aliases": [
				"the Lamberts",
				"APT-C-39",
				"PLATINUM TERMINAL"
			],
			"source_name": "MISPGALAXY:Longhorn",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "23dfc9f5-1862-4510-a6ae-53d8e51f17b1",
			"created_at": "2024-05-01T02:03:08.146025Z",
			"updated_at": "2026-04-10T02:00:03.67072Z",
			"deleted_at": null,
			"main_name": "PLATINUM TERMINAL",
			"aliases": [
				"APT-C-39 ",
				"Longhorn ",
				"The Lamberts ",
				"Vault7 "
			],
			"source_name": "Secureworks:PLATINUM TERMINAL",
			"tools": [
				"AfterMidnight",
				"Assassin",
				"Marble Framework"
			],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775434177,
	"ts_updated_at": 1775791877,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c6cd4e657546c84850c981bc38c61b0d50d3ffe3.pdf",
		"text": "https://archive.orkl.eu/c6cd4e657546c84850c981bc38c61b0d50d3ffe3.txt",
		"img": "https://archive.orkl.eu/c6cd4e657546c84850c981bc38c61b0d50d3ffe3.jpg"
	}
}