Gold Dragon is a data-gathering trojan first observed in late December 2017. It is used as a first-stage reconnaissance tool and downloader for additional malicious payloads. The trojan also generates a key to encrypt the data that the implant collects from the system. The encrypted data is sent to a server controlled by the threat actors, ink.inkboom.co.kr. The trojan shares code with two other trojans, Ghost419 and Brave Prince, indicating that they are developed and/or distributed by the same threat actor. The trojan has been distributed via spear-phishing emails to at least 333 victim organizations. The late December campaign heavily targeted Olympic organizations.
- McAfee provides a technical analysis of Gold Dragon here.