{
	"id": "fdbd716e-e120-4539-9f1d-34f971f70fd5",
	"created_at": "2026-04-06T00:15:37.837011Z",
	"updated_at": "2026-04-10T03:31:17.7603Z",
	"deleted_at": null,
	"sha1_hash": "cf68c15bafe7601d77e392106e74847223e893e6",
	"title": "Blue Lambert - Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 58208,
	"plain_text": "Blue Lambert - Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 13:19:36 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Blue Lambert\n Tool: Blue Lambert\nNames Blue Lambert\nCategory Malware\nType Loader\nDescription\n(Threatpost) Analysis of Black Lambert also exposed Blue Lambert, a second stage malware\nattack against a Black Lambert victim. Blue Lambert also exposed a number of operation or\nvictim codenames that reference popular culture, including DOUBLESIDED\nSCOOBYSNACK, FUNNELCAKE CARNIVAL, RINGTOSS CARNIVAL and others.\nThe researchers also found Green Lambert, an older version of the Blue Lambert malware.\nInformation\nLast change to this tool card: 20 April 2020\nDownload this tool card in JSON format\nAll groups using tool Blue Lambert\nChanged Name Country Observed\nAPT groups\n ↳ Subgroup: Longhorn, The Lamberts 2009\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=d64b9599-d42b-48f6-9fda-8d879b3dc4ba\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=d64b9599-d42b-48f6-9fda-8d879b3dc4ba\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=d64b9599-d42b-48f6-9fda-8d879b3dc4ba"
	],
	"report_names": [
		"listgroups.cgi?u=d64b9599-d42b-48f6-9fda-8d879b3dc4ba"
	],
	"threat_actors": [
		{
			"id": "e993faab-f941-4561-bd87-7c33d609a4fc",
			"created_at": "2022-10-25T16:07:23.460301Z",
			"updated_at": "2026-04-10T02:00:04.617715Z",
			"deleted_at": null,
			"main_name": "Longhorn",
			"aliases": [
				"APT-C-39",
				"Platinum Terminal",
				"The Lamberts"
			],
			"source_name": "ETDA:Longhorn",
			"tools": [
				"Black Lambert",
				"Blue Lambert",
				"Corentry",
				"Cyan Lambert",
				"Fluxwire",
				"Gray Lambert",
				"Green Lambert",
				"Magenta Lambert",
				"Pink Lambert",
				"Plexor",
				"Purple Lambert",
				"Silver Lambert",
				"Violet Lambert",
				"White Lambert"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "70db80bd-31b7-4581-accb-914cd8252913",
			"created_at": "2023-01-06T13:46:38.57727Z",
			"updated_at": "2026-04-10T02:00:03.028845Z",
			"deleted_at": null,
			"main_name": "Longhorn",
			"aliases": [
				"the Lamberts",
				"APT-C-39",
				"PLATINUM TERMINAL"
			],
			"source_name": "MISPGALAXY:Longhorn",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "23dfc9f5-1862-4510-a6ae-53d8e51f17b1",
			"created_at": "2024-05-01T02:03:08.146025Z",
			"updated_at": "2026-04-10T02:00:03.67072Z",
			"deleted_at": null,
			"main_name": "PLATINUM TERMINAL",
			"aliases": [
				"APT-C-39 ",
				"Longhorn ",
				"The Lamberts ",
				"Vault7 "
			],
			"source_name": "Secureworks:PLATINUM TERMINAL",
			"tools": [
				"AfterMidnight",
				"Assassin",
				"Marble Framework"
			],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775434537,
	"ts_updated_at": 1775791877,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/cf68c15bafe7601d77e392106e74847223e893e6.pdf",
		"text": "https://archive.orkl.eu/cf68c15bafe7601d77e392106e74847223e893e6.txt",
		"img": "https://archive.orkl.eu/cf68c15bafe7601d77e392106e74847223e893e6.jpg"
	}
}