APT / THREAT GROUP

Lorem Ipsum

2 aliases
Last seen: May 22, 2026

Intelligence Profile

According to BlueVoyant, Lorem Ipsum is a multi-stage malware family written in PowerShell for its loader components, with later stages transitioning to shellcode and DLL-based payloads. The loader chains multiple PowerShell stages that use AES decryption for embedded payloads, followed by gzip decompression and reflective memory loading, with newer versions employing substitution cipher decoding and XOR-encrypted shellcode stubs. The malware achieves persistence via Windows registry Run keys and evolved to use DLL sideloading, where a legitimate executable sideloads a malicious DLL that decodes embedded ciphertext to launch the core loader. Communication with C2 servers is conducted through JFIF image files where additional data is appended beyond image boundaries, allowing bidirectional exchange disguised as image traffic.
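A defender-side check for the C2 channel described above, as an added example that is not code from BlueVoyant or from this profile: it walks the JPEG marker segments to find the real end-of-image marker and returns whatever bytes follow it. The function names and the sample bytes are constructed for illustration; the sample is structurally valid but not a decodable image.

```python
import struct

# Markers with no length field: TEM, RST0-RST7, SOI
NO_LENGTH = {0x01, 0xD8} | set(range(0xD0, 0xD8))

def find_jpeg_end(data: bytes) -> int:
    """Walk the marker segments and return the offset just past the real EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:            # fill byte before a marker
            pos += 1
        elif marker == 0xD9:          # EOI: image ends here
            return pos + 2
        elif marker in NO_LENGTH:
            pos += 2
        else:
            if pos + 4 > len(data):
                raise ValueError("truncated segment header")
            (seg_len,) = struct.unpack(">H", data[pos + 2:pos + 4])
            if seg_len < 2:
                raise ValueError("invalid segment length")
            pos += 2 + seg_len
            if marker == 0xDA:        # SOS: skip entropy-coded scan data
                while pos + 1 < len(data) and not (
                    data[pos] == 0xFF
                    and data[pos + 1] != 0x00             # stuffed 0xFF byte
                    and not 0xD0 <= data[pos + 1] <= 0xD7  # restart marker
                ):
                    pos += 1
    raise ValueError("no EOI marker found")

def trailing_bytes(data: bytes) -> bytes:
    """Bytes after the image's EOI; non-empty output is worth triage."""
    return data[find_jpeg_end(data):]

def _seg(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

def build_sample(trailer: bytes) -> bytes:
    """Constructed, structurally valid (not decodable) JFIF byte string."""
    app0 = _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    app1 = _seg(0xE1, b"thumb\xff\xd9")   # EOI bytes inside a segment
    scan = _seg(0xDA, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\xff\x00\x34\xff\xd0\x56"
    return b"\xff\xd8" + app0 + app1 + scan + b"\xff\xd9" + trailer
```

Walking segments rather than searching for the first or last `FF D9` matters because embedded thumbnails and the appended data itself can contain those bytes.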

Threat Analysis

Lorem Ipsum is a known-sophistication threat actor of undetermined national origin, and the primary motivation behind its cyber operations is unknown.

Quick Facts

Type: APT / Threat Group
Aliases: 2

Also Known As

Lorem Ipsum, win.lorem_ipsum

External Intelligence

Malpedia: win.lorem_ipsum

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.