GOLD GALLEON is a threat actor referenced in the provided content as one of the groups observed using commodity credential-theft malware, including HawkEye (also known as PredatorPain) and Pony (also known as Fareit or Siplog). The content also explicitly notes Gold Galleon as suspected Nigerian (🇳🇬). Based on the cited material, the actor has been associated with malware delivered through phishing and other common malware distribution channels, with resulting capabilities including credential theft, keylogging, clipboard theft, screenshot capture, theft of browser, email, FTP, and wallet data, persistence via Registry Run keys and scheduled tasks, self-deletion, anti-analysis checks, and process injection or hollowing including into .NET-related processes such as vbc.exe. The content does not provide additional high-confidence detail on GOLD GALLEON’s specific targets, sub-groups, or operations beyond its mention as a user of HawkEye and Fareit/Pony. Known alias in the provided content: gold_galleon.
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
1 distinct technique observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.
2 malware families attributed to this actor across reporting.
10 indicators attributed to this actor: domains, IPs, hashes, and other artifacts pulled from reporting. View more in app.
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.