PULSE NAME
Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack
WHITE Lazarus AlienVault 2023-04-04 Modified: 2023-04-04
8 IOCs
LOW VOLUME
Security firm Kaspersky has published a new blog post about a backdoor that was deployed, in combination with an infostealer, through the supply chain attack on 3CX. The 3CX supply chain attack infected companies all over the world, especially in France, Italy, Germany, and Brazil. The Gopuram backdoor might be the main implant and the final payload in the attack chain. This implant was deployed on fewer than 10 machines.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Gopuram
Indicators of Compromise (2 / 8 total)
TYPE | INDICATOR | DESCRIPTION | CREATED
FileHash-SHA1 | 790a0e6790fb359b5010d952ea773d1a89668133 | SHA1 of ec3f99dd7d9dbce8d704d407b086e84f | 2023-04-04
FileHash-SHA1 | d2a0793df89ef6784eb3b4d10e5bc46498430fa4 | SHA1 of 933508a9832da1150fcfdbc1ca9bc84c | 2023-04-04