Gold Dragon

Gold Dragon is a data-gathering trojan first observed in late December 2017. It is used as a first-stage reconnaissance tool and downloader for additional malicious payloads. The trojan also generates a key to encrypt data that the implant obtains from the system. The encrypted data is sent to a server controlled by the threat actors, ink.inkboom.co.kr. The trojan contains code similar to that of two other trojans, Ghost419 and Brave Price, indicating that the trojans are developed and/or distributed by the same threat actor. The trojan has been distributed via spear phishing emails to at least 333 victim organizations. The late December campaign heavily targeted Olympic organizations.

Technical Details

  • McAfee provides a technical analysis of Gold Dragon here.