having fun

NSA Green Lambert for OS X rootkit investigation

Green Lambert is described as an “active implant” and “the only one where non-Windows variants have been found.”

“C2 jitter, secure erase / uninstall, SSL/TLS+extra crypto, size below 150K, encrypt logs and local collection, decrypt strings on the fly in mem… simply following these guidelines immediately makes the malware (“tools”) more interesting and, recognizable by a skilled analyst.”

https://objective-see.com/blog/blog_0x68.html (pdf)

Добавить комментарий

Ваш e-mail не будет опубликован. Обязательные поля помечены *

Test your skill: *