Gopuram

Malware Profile Updated 3 months ago
Gopuram is malware that infiltrates systems to exploit them and cause damage. It has been known to infect systems through suspicious downloads, emails, or websites, often without the user's knowledge; once inside, it can steal personal information, disrupt operations, or hold data hostage for ransom. Before Gopuram was introduced, another malware named LPEClient was used to deliver follow-on malware. Gopuram has recently been deployed through the 3CX supply-chain attack, using tactics similar to those seen in past attacks. What makes the Gopuram case notable is that it was found coexisting on victim machines with AppleJeus, another backdoor attributed to the Lazarus group. This discovery followed the widely reported 3CX hack, which affected victims worldwide.

Gopuram persists by loading a 'ualapi.dll' file after each system reboot, a tactic previously observed with this type of malware. The recent discovery of new Gopuram infections allowed researchers to link the 3CX campaign to the Lazarus threat actor with medium to high confidence. This financially motivated campaign leveraged Gopuram, further solidifying the malware's association with the 3CX supply-chain attack. Gopuram therefore represents a significant cybersecurity threat that requires comprehensive countermeasures.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
AppleJeus (5 votes): AppleJeus is a notorious malware attributed to the North Korean APT Lazarus Group, designed primarily to steal cryptocurrency. This malicious software has been a key instrument in North Korea's financial theft operations, with threat groups pilfering $2.3 billion USD worth of crypto assets between M
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Backdoor
3cx
Payload
Implant
State Sponso...
Kaspersky
Infostealer
Espionage
Associated Malware
No associations to display
Associated Threat Actors
Lazarus Group (type: Unspecified, 1 vote): The Lazarus Group, a notorious threat actor believed to be linked to North Korea, has been attributed with a series of significant cyber-attacks over the past few years. The group's malicious activities include the exploitation of digital infrastructure, stealing cryptocurrency, and executing large-
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Gopuram malware was read from the document corpus listed below (display limited to 20 results).
Source (created): Title
CERT-EU (8 months ago): Advanced threat predictions for 2024 – GIXtools
Securelist (8 months ago): Kaspersky Security Bulletin: APT predictions 2024
BankInfoSecurity (9 months ago): Lazarus Group Looking for Unpatched Software Vulnerabilities
Securelist (9 months ago): A cascade of compromise: unveiling Lazarus' new campaign
CERT-EU (9 months ago): A cascade of compromise: unveiling Lazarus’ new campaign – GIXtools
CERT-EU (a year ago): IT threat evolution in Q2 2023 – GIXtools
CERT-EU (a year ago): IT threat evolution Q2 2023
CERT-EU (a year ago): APT trends report Q2 2023 – GIXtools
Securelist (a year ago): APT trends report Q2 2023
CERT-EU (a year ago): N.K. Hackers Employ Matryoshka Doll-Style Cascading Supply Chain Attack on 3CX
ESET (a year ago): Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack | WeLiveSecurity
CERT-EU (a year ago): N.K. Hackers Employ Matryoshka Doll-Style Cascading Supply Chain Attack on 3CX
CERT-EU (a year ago): 3CX hack highlights risk of cascading software supply-chain compromises
CERT-EU (a year ago): Massive 3CX Supply-Chain Hack Targeted Cryptocurrency Firms
Securelist (a year ago): Kaspersky Incident Response report 2022
DARKReading (a year ago): 3CX Supply Chain Attack Tied to Financial Trading App Breach
DARKReading (a year ago): 3CX Breach Widens as Cyberattackers Drop Second-Stage Backdoor
Securelist (a year ago): Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack
Securityaffairs (a year ago): 3CX Supply chain attack allowed targeting cryptocurrency firms
InfoSecurity-magazine (a year ago): Crypto Firms Likely Target for 3CX Attacks