Word Document Attack Targeting a Carbon Emissions Specialist Company
2022-03-18 • AhnLab • Word Document Attack Targeting a Carbon Emissions Specialist Company
ASEC observed an APT-style malicious Word document targeting a carbon-emissions specialist company on March 18. The victim likely downloaded the file, whose name resembled a carbon-emissions research institute document, through a web browser. The document was assessed to run wscript.exe against %AppData%\Microsoft\Templates\version.ini, matching a technique the same attack group previously used to create scheduled tasks and fetch additional payloads from C2 infrastructure. The follow-on payload was Gold Dragon, installed via a DLL-like file named wieb.dat under %HomePath%. This Gold Dragon variant included information-theft capabilities, including system reconnaissance commands, keylogging, clipboard theft, and file-list collection stored under %localappdata%\Microsoft\common\pre. The case is relevant to organizations exposed to document-based spear-phishing against industrial sectors.
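The three host artifacts named in the summary can be turned into simple hunting rules. The following is an added example, not code from the ASEC report: the event field names `command_line` and `path` are hypothetical, the sample events are constructed, and the environment variables are matched both unexpanded and in their usual expanded form.

```python
import re

# Paths come from the summary above. %AppData%, %HomePath% and %LocalAppData%
# are matched unexpanded or as their usual expansions under \Users\<name>.
RULES = {
    "wscript_runs_version_ini": ("command_line", re.compile(
        r"wscript(?:\.exe)?\b.*(?:%AppData%|\\AppData\\Roaming)"
        r"\\Microsoft\\Templates\\version\.ini", re.I)),
    # Only a file directly in the profile root, not in a subfolder.
    "wieb_dat_in_home": ("path", re.compile(
        r"(?:%HomePath%|\\Users\\[^\\]+)\\wieb\.dat$", re.I)),
    # The directory itself or anything below it, but not e.g. "prefs.db".
    "staging_dir_common_pre": ("path", re.compile(
        r"(?:%LocalAppData%|\\AppData\\Local)"
        r"\\Microsoft\\common\\pre(?:\\|$)", re.I)),
}

def match_event(event):
    """Return the names of all rules whose field is present and matches."""
    hits = []
    for name, (field, pattern) in RULES.items():
        value = event.get(field)
        if value and pattern.search(value):
            hits.append(name)
    return hits

def scan(events):
    """Return (event index, rule name) pairs for every hit."""
    return [(i, rule) for i, ev in enumerate(events) for rule in match_event(ev)]

# Constructed sample events (hypothetical schema, user name and file names).
SAMPLE_EVENTS = [
    {"command_line": r'"C:\Windows\System32\wscript.exe" '
                     r'"C:\Users\kim\AppData\Roaming\Microsoft\Templates\version.ini"'},
    {"command_line": r'"C:\Windows\System32\wscript.exe" "C:\Scripts\logon.vbs"'},
    {"path": r"C:\Users\kim\wieb.dat"},
    {"path": r"C:\Users\kim\Documents\wieb.dat"},
    {"path": r"C:\Users\kim\AppData\Local\Microsoft\common\pre\list.txt"},
    {"path": r"C:\Users\kim\AppData\Local\Microsoft\common\prefs.db"},
]

if __name__ == "__main__":
    for index, rule in scan(SAMPLE_EVENTS):
        print(index, rule)
```

The file names and paths are the ones reported for this case only, so a hit is a lead for triage and a miss does not rule out a renamed variant.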