Pulse: Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack
TLP: WHITE | Adversary: Lazarus | Author: AlienVault | Created: 2023-04-04 | Modified: 2023-04-04
Security firm Kaspersky has published a blog post on a backdoor that was deployed, together with an info-stealer, through the supply chain attack on 3CX. The 3CX supply chain attack infected companies all over the world, especially in France, Italy, Germany, and Brazil. The Gopuram backdoor might be the main implant and the final payload of the attack chain; it was deployed on fewer than 10 machines.
MITRE ATT&CK & Malware Families
ATT&CK techniques: none listed
Malware families: Gopuram
Indicators of Compromise (8)
TYPE | INDICATOR | DESCRIPTION | CREATED
FileHash-MD5 | 96d3bbf4d2cf6bc452b53c67b3f2516a | | 2023-04-04
FileHash-MD5 | 9f85a07d4b4abff82ca18d990f062a84 | | 2023-04-04
FileHash-SHA1 | 790a0e6790fb359b5010d952ea773d1a89668133 | SHA1 of ec3f99dd7d9dbce8d704d407b086e84f | 2023-04-04
FileHash-SHA1 | d2a0793df89ef6784eb3b4d10e5bc46498430fa4 | SHA1 of 933508a9832da1150fcfdbc1ca9bc84c | 2023-04-04
FileHash-SHA256 | 295c20d0f0a03fd8230098fade0af910b2c56e9e5700d4a3344d10c106a6ae2a | SHA256 of ec3f99dd7d9dbce8d704d407b086e84f | 2023-04-04
FileHash-SHA256 | 6ce5b6b4cdd6290d396465a1624d489c7afd2259a4d69b73c6b0ba0e5ad4e4ad | SHA256 of 933508a9832da1150fcfdbc1ca9bc84c | 2023-04-04
domain | oilycargo.com | | 2023-04-04
domain | wirexpro.com | | 2023-04-04