Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack
Common Information
Type Value
UUID 7ed327b4-18df-4d9a-b9f5-e9bccfc7bc8b
Fingerprint 2daf9c19cf2fa461
Analysis status DONE
Considered CTI value 2
Text language
Published April 3, 2023, 12:10 p.m.
Added to db April 3, 2023, 2:30 p.m.
Last updated Nov. 17, 2024, 6:49 p.m.
Headline Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack
Title Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack
Detected Hints/Tags/Attributes 44/2/21
RSS Feed
Id Enabled Feed title Url Added to db
223 Securelist https://securelist.com/feed/ 2024-08-30 22:08
Attributes
Type #Events CTI Value
Domain 8 wirexpro.com
Domain 6 oilycargo.com
Domain 338 kaspersky.com
Email 147 intelreports@kaspersky.com
File 7 guard64.dll
File 38 3cxdesktopapp.exe
File 50 d3dcompiler_47.dll
File 7 c:\windows\system32\wlbsctrl.dll
File 7 0.reg
File 28 wlbsctrl.dll
File 7 ualapi.dll
File 9 ncobjapi.dll
File 131 spoolsv.exe
File 142 wmiprvse.exe
File 2 chk.log
File 3 avbugreport.exe