Gold Dragon

Malware Profile Updated 13 days ago
Gold Dragon is a Korean-language malware implant that has been observed since December 24, 2017. This data-gathering implant was designed to infiltrate systems, execute binaries from a control server, and encrypt the data it obtains using a generated key. Notably, Gold Dragon re-emerged on the same day as the start of an Olympics campaign, indicating a potential connection. Its communication mechanism uses a unique user agent string, and its system reconnaissance methods share numerous similarities with those of other malware.

Gold Dragon is part of a broader campaign that also includes Brave Prince, Ghost419, and RunningRat. These implants share significant elements and code, especially for system reconnaissance functions. Brave Prince, like Gold Dragon, is a Korean-language implant with similar system profiling and control server communication mechanisms. Ghost419, which contains the hardcoded string "Ghost419" in its binary, is based on the Gold Dragon and Brave Prince implants.

In late December 2017, five variants of Gold Dragon were compiled, heavily targeting Olympic organizations. These variants contained the string "WebKitFormBoundarywhpFxMBe19cSjFnG", which is part of the upload mechanism. Later versions of these variants exfiltrated data via HTTP POST requests to a web server, following the same process as the original Gold Dragon malware. The characteristics shared among these malware families demonstrate a much wider and more coordinated campaign than previously known.
Source Document References
Information about the Gold Dragon malware was read from the documents below.

Source: MITRE. Created: a year ago. Title: Gold Dragon Widens Olympics Malware Attacks, Gains Permanent Presence on Victims' Systems
Source: Recorded Future. Created: a year ago. Title: Fielding Threats: Cyber, Influence, and Physical Threats to the 2022 FIFA World Cup in Qatar | Recorded Future