Gopuram

Malware Profile Updated 24 days ago
Download STIX
Preview STIX
Gopuram is a malicious software or malware that infiltrates systems to exploit and cause damage. It has been known to infect systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. Prior to Gopuram's introduction, another malware named LPEClient was used to deliver subsequent malware. However, Gopuram has recently been deployed through a 3CX supply-chain attack, demonstrating tactics similar to those used in past attacks. What makes the Gopuram case remarkable is its coexistence with AppleJeus, another backdoor malware attributed to the Lazarus group, on victim machines. This discovery came about following the infamous 3CX hack, which affected victims globally. The Gopuram malware loads a 'ualapi.dll' file after each system reboot, a tactic previously observed with this type of malware. The recent discovery of new Gopuram infections has allowed researchers to link the 3CX campaign to the Lazarus threat actor with medium to high confidence. This financially motivated campaign leveraged the Gopuram malware, further solidifying its association with the 3CX supply chain attack. As such, Gopuram represents a significant cybersecurity threat that requires comprehensive countermeasures.
What's your take? (Question 1 of 5)
d936e9fb-7af9-4686-8f38-09fd8a7f10fb Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
AppleJeus
5
AppleJeus is a notorious malware attributed to the North Korean APT Lazarus Group, designed primarily to steal cryptocurrency. This malicious software has been a key instrument in North Korea's financial theft operations, with threat groups pilfering $2.3 billion USD worth of crypto assets between M
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Backdoor
3cx
Payload
Implant
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Gopuram Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
Securelist
a year ago
Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack
Securityaffairs
a year ago
3CX Supply chain attack allowed targeting cryptocurrency firms
InfoSecurity-magazine
a year ago
Crypto Firms Likely Target for 3CX Attacks
CERT-EU
9 months ago
IT threat evolution Q2 2023
CERT-EU
9 months ago
IT threat evolution in Q2 2023 – GIXtools
CERT-EU
a year ago
Some 3CX supply chain attack victims targeted with Gopuram
DARKReading
a year ago
3CX Breach Widens as Cyberattackers Drop Second-Stage Backdoor
Securelist
7 months ago
A cascade of compromise: unveiling Lazarus' new campaign
ESET
a year ago
Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack | WeLiveSecurity
CERT-EU
a year ago
Massive 3CX Supply-Chain Hack Targeted Cryptocurrency Firms
CERT-EU
a year ago
3CX hack highlights risk of cascading software supply-chain compromises
CERT-EU
7 months ago
A cascade of compromise: unveiling Lazarus’ new campaign – GIXtools
Securelist
10 months ago
APT trends report Q2 2023
Securelist
6 months ago
Kaspersky Security Bulletin: APT predictions 2024
CERT-EU
10 months ago
APT trends report Q2 2023 – GIXtools
BankInfoSecurity
7 months ago
Lazarus Group Looking for Unpatched Software Vulnerabilities
CERT-EU
a year ago
N.K. Hackers Employ Matryoshka Doll-Style Cascading Supply Chain Attack on 3CX
CERT-EU
a year ago
N.K. Hackers Employ Matryoshka Doll-Style Cascading Supply Chain Attack on 3CX
DARKReading
a year ago
3CX Supply Chain Attack Tied to Financial Trading App Breach
CERT-EU
6 months ago
Advanced threat predictions for 2024 – GIXtools