Gopuram

Malware updated 23 days ago (2024-11-29T14:32:39.531Z)
Download STIX
Preview STIX
Gopuram is a malicious software or malware that infiltrates systems to exploit and cause damage. It has been known to infect systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. Prior to Gopuram's introduction, another malware named LPEClient was used to deliver subsequent malware. However, Gopuram has recently been deployed through a 3CX supply-chain attack, demonstrating tactics similar to those used in past attacks. What makes the Gopuram case remarkable is its coexistence with AppleJeus, another backdoor malware attributed to the Lazarus group, on victim machines. This discovery came about following the infamous 3CX hack, which affected victims globally. The Gopuram malware loads a 'ualapi.dll' file after each system reboot, a tactic previously observed with this type of malware. The recent discovery of new Gopuram infections has allowed researchers to link the 3CX campaign to the Lazarus threat actor with medium to high confidence. This financially motivated campaign leveraged the Gopuram malware, further solidifying its association with the 3CX supply chain attack. As such, Gopuram represents a significant cybersecurity threat that requires comprehensive countermeasures.
Description last updated: 2024-05-04T16:45:57.442Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
AppleJeus is a possible alias for Gopuram. AppleJeus is a malware attributed with medium confidence to the North Korea-linked APT group "Gleaming Pisces," also known as Citrine Sleet, by researchers at Palo Alto's Unit 42. The group has been notorious for distributing versions of AppleJeus malware disguised as legitimate cryptocurrency tradi
5
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Backdoor
3cx
Payload
Implant
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Lazarus Group Threat Actor is associated with Gopuram. The Lazarus Group, a notorious threat actor attributed to North Korea, is renowned for its malicious activities aimed at furthering the country's objectives. This group has been implicated in several high-profile cyber-attacks, including an attack in Spain known as Operation DreamJob. The exploitatiUnspecified
2
Source Document References
Information about the Gopuram Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Securelist
a day ago
CERT-EU
a year ago
Securelist
a year ago
BankInfoSecurity
a year ago
Securelist
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Securelist
a year ago
CERT-EU
2 years ago
ESET
2 years ago
CERT-EU
2 years ago
CERT-EU
2 years ago
CERT-EU
2 years ago
Securelist
2 years ago
DARKReading
2 years ago
DARKReading
2 years ago
Securelist
2 years ago
Securityaffairs
2 years ago