HOMETHREATSGoldDragon
APT / THREAT GROUP

GoldDragon

3
aliases
Last seen:Mar 17, 2026

Intelligence Profile

GoldDragon was a second-stage backdoor which established a permanent presence on the victim’s system once the first-stage, file-less, PowerShell-based attack leveraging steganography was executed. The initial attack was observed first in December 2017, when a Korean-language spear phishing campaing targeted organizations linked with Pyeongchang Winter Olympics 2018. GoldDragon was delivered once the attacker had gained an initial foothold in the targeted environment.

The malware was capable of a basic reconnaissance, data exfiltration and downloading of additional components from its C&C server.

Threat Analysis

GoldDragon is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

External References

Quick Facts

TypeAPT / Threat Group
Aliases3

Also Known As

GoldDragonwin.gold_dragonLovexxx

External Intelligence

Malpedia: win.gold_dragon

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
GoldDragon — APT / Threat Group | Threat Intelligence | CTIWATCH.COM