Gold Dragon is a data-gathering malware implant that also acts as a downloader to inject further malware into the victim's computer. It came exclusively from South Korea as a file named 한글추출.exe, which roughly translates to "Hangul Extraction". It began as a fileless attack that targeted organizations associated with the PyeongChang Olympics. Several similar implants exist alongside Gold Dragon, such as Brave Prince, Ghost419, and Running Rat.
The attack used a PowerShell implant that established an encrypted channel to the attacker's server to gather basic system-level data. Through that channel, the attacker is also able to gain access to the victim's computer. Gold Dragon generates a key to encrypt the data it takes from the system, and the encrypted data is then sent to Gold Dragon's main server.