APT_MAL_Gopuram_Backdoor_Apr23

Rule Info

Name
APT_MAL_Gopuram_Backdoor_Apr23
Author
X__Junior (Nextron Systems)
Description
Detects Gopuram backdoor
Score
80
Reference
https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344/
Date
2023-02-24
Modified
2023-04-16
Minimum Yara
3.0.0
Rule Hash
a9911faa0ad91e4578cbfe4844f9e4ee
Tags
['APT', 'FILE', 'MAL']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/apt_mal_gopuram_backdoor_apr23/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
4
Suspicious (< 10 engines)
2
Clean (0 engines)
0

Rule Matches

Timestamp
Positives
Total
Hash
VT
2024-03-26 14:03:17
38
68
b324940ea8b0d335eb0447c7f36fe0a118ec61fbe6ead61bc71952389342566e
2023-07-25 13:57:16
10
70
07f65957e7e66be72ae4ed69d2871c2079ffe19922a2a48ba3526442be910012
2023-04-12 04:11:46
6
70
480b8c9df70396f44cdca00fd860fdf38ce1d8493ebeed6fe679dd3fd799b7f6
2023-04-12 01:22:26
8
70
cc36b610705d96dd8a82faf8bce1e1d6197948518318f2332323de3c5d05999d
2023-04-04 16:23:48
31
70
beb775af5196f30e0ee021790a4978ca7a7ac2a7cf970a5a620ffeb89cc60b2c
2023-04-04 12:09:39
17
70
97b95b4a5461f950e712b82783930cb2a152ec0288c00a977983ca7788342df7

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022