Gold Dragon
Techniques Used |
||||
Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1071 | .001 | Application Layer Protocol: Web Protocols |
Gold Dragon uses HTTP for communication to the control servers.(Citation: McAfee Gold Dragon) |
Enterprise | T1547 | .001 | Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder |
Gold Dragon establishes persistence in the Startup folder.(Citation: McAfee Gold Dragon) |
Enterprise | T1059 | .003 | Command and Scripting Interpreter: Windows Command Shell |
Gold Dragon uses cmd.exe to execute commands for discovery.(Citation: McAfee Gold Dragon) |
Enterprise | T1074 | .001 | Data Staged: Local Data Staging |
Gold Dragon stores information gathered from the endpoint in a file named 1.hwp.(Citation: McAfee Gold Dragon) |
Enterprise | T1562 | .001 | Impair Defenses: Disable or Modify Tools |
Gold Dragon terminates anti-malware processes if they’re found running on the system.(Citation: McAfee Gold Dragon) |
Enterprise | T1070 | .004 | Indicator Removal: File Deletion |
Gold Dragon deletes one of its files, 2.hwp, from the endpoint after establishing persistence.(Citation: McAfee Gold Dragon) |
Enterprise | T1518 | .001 | Software Discovery: Security Software Discovery |
Gold Dragon checks for anti-malware products and processes.(Citation: McAfee Gold Dragon) |
Groups That Use This Software |
||
ID | Name | References |
---|---|---|
G0094 | Kimsuky |
(Citation: Talos Kimsuky Nov 2021) (Citation: Mandiant APT43 March 2024) |
References
- Sherstobitoff, R., Saavedra-Morales, J. (2018, February 02). Gold Dragon Widens Olympics Malware Attacks, Gains Permanent Presence on Victims’ Systems. Retrieved June 6, 2018.
- An, J and Malhotra, A. (2021, November 10). North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets. Retrieved December 29, 2021.
- Mandiant. (2024, March 14). APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations. Retrieved May 3, 2024.
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.