PULSE NAME
Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack
WHITE Lazarus AlienVault 2023-04-04 Modified: 2023-04-04
8 IOCs
LOW VOLUME
Security firm Kaspersky has published a new blog post about a backdoor that was deployed through the supply chain attack on 3CX, in combination with an infostealer. The 3CX supply chain attack infected companies all over the world, especially in France, Italy, Germany, and Brazil. The Gopuram backdoor might be the main implant and the final payload in the attack chain. This implant was deployed on fewer than 10 machines.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Gopuram
Indicators of Compromise (2 / 8 total)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-MD5 96d3bbf4d2cf6bc452b53c67b3f2516a 2023-04-04
FileHash-MD5 9f85a07d4b4abff82ca18d990f062a84 2023-04-04