Gopuram

Malware updated 4 months ago (2024-05-04T19:55:35.695Z)

Download STIX

Preview STIX

Gopuram is a malicious software or malware that infiltrates systems to exploit and cause damage. It has been known to infect systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. Prior to Gopuram's introduction, another malware named LPEClient was used to deliver subsequent malware. However, Gopuram has recently been deployed through a 3CX supply-chain attack, demonstrating tactics similar to those used in past attacks. What makes the Gopuram case remarkable is its coexistence with AppleJeus, another backdoor malware attributed to the Lazarus group, on victim machines. This discovery came about following the infamous 3CX hack, which affected victims globally. The Gopuram malware loads a 'ualapi.dll' file after each system reboot, a tactic previously observed with this type of malware. The recent discovery of new Gopuram infections has allowed researchers to link the 3CX campaign to the Lazarus threat actor with medium to high confidence. This financially motivated campaign leveraged the Gopuram malware, further solidifying its association with the 3CX supply chain attack. As such, Gopuram represents a significant cybersecurity threat that requires comprehensive countermeasures.

Description last updated: 2024-05-04T16:45:57.442Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description
AppleJeus	5	AppleJeus is a malicious software, or malware, attributed to the North Korean Advanced Persistent Threat (APT) group known as Lazarus. It has been used extensively for financial theft initiatives, particularly targeting cryptocurrencies. The malware has seen multiple versions, including AppleJeus Ve

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Malware

Backdoor

3cx

Payload

Implant

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Gopuram Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	10 months ago	Advanced threat predictions for 2024 – GIXtools
Securelist	10 months ago	Kaspersky Security Bulletin: APT predictions 2024
BankInfoSecurity	10 months ago	Lazarus Group Looking for Unpatched Software Vulnerabilities
Securelist	10 months ago	A cascade of compromise: unveiling Lazarus' new campaign
CERT-EU	10 months ago	A cascade of compromise: unveiling Lazarus’ new campaign – GIXtools
CERT-EU	a year ago	IT threat evolution in Q2 2023 – GIXtools
CERT-EU	a year ago	IT threat evolution Q2 2023
CERT-EU	a year ago	APT trends report Q2 2023 – GIXtools
Securelist	a year ago	APT trends report Q2 2023
CERT-EU	a year ago	N.K. Hackers Employ Matryoshka Doll-Style Cascading Supply Chain Attack on 3CX
ESET	a year ago	Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack \| WeLiveSecurity
CERT-EU	a year ago	N.K. Hackers Employ Matryoshka Doll-Style Cascading Supply Chain Attack on 3CX
CERT-EU	a year ago	3CX hack highlights risk of cascading software supply-chain compromises
CERT-EU	a year ago	Massive 3CX Supply-Chain Hack Targeted Cryptocurrency Firms
Securelist	a year ago	Kaspersky Incident Response report 2022
DARKReading	a year ago	3CX Supply Chain Attack Tied to Financial Trading App Breach
DARKReading	a year ago	3CX Breach Widens as Cyberattackers Drop Second-Stage Backdoor
Securelist	a year ago	Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack
Securityaffairs	a year ago	3CX Supply chain attack allowed targeting cryptocurrency firms
InfoSecurity-magazine	a year ago	Crypto Firms Likely Target for 3CX Attacks