Badbullzvenom

Threat Actor Profile Updated 2 months ago

Download STIX

Preview STIX

Badbullzvenom, a malware associated with the notorious Golden Chickens operation, has been traced back to its developers. In May 2023, security firm eSentire identified the second developer of the malware as a Romanian individual named Jack, also known by aliases Lucky and badbullzvenom. The Golden Chickens malware has been utilized in cybercrime operations by groups such as the Russian Cobalt Group and FIN6. This malware is designed to exploit and damage computer systems, capable of stealing personal information, disrupting operations, or even holding data hostage for ransom. The alias badbullzvenom became a subject of interest when another threat actor, "babay," accused him of theft and issued a bounty for information leading to his real identity in July 2022. Further investigation revealed that Jack, aka Lucky, shared the badbullz and badbullzvenom accounts with a Montreal-based cybercriminal known as "Chuck." It was speculated that Jack brokered a deal with Chuck to use these aliases on various underground forums to evade his notoriety as a ripper. Jack's activities can be traced back to 2015 when he released a tool called MULTIPLIER via the badbullzvenom account. In 2017, under the same alias, he released another tool called VenomKit, which later evolved into the Golden Chickens Malware-as-a-Service (MaaS). Both tools contributed significantly to his credibility in the cybercrime community. Ultimately, eSentire characterized Jack as the true mastermind behind the Golden Chickens operation.

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description
Lucky	1	"Lucky" is a malicious software (malware) that has been compromising systems, causing significant disruptions and potential data loss. This malware infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, it can steal personal inform
Badbullz	1	Badbullz is a malicious software (malware) that poses significant threats to computer systems and user data. It is associated with two threat actors, known by their aliases "LUCKY" and "Chuck from Montreal". The duo utilized the Badbullz and Badbullzvenom accounts to exploit unsuspecting victims, in
Chuck From Montreal	1	"Chuck from Montreal" is a malware, part of a criminal operation that was active on the Russian-language Exploit.in forum under the pseudonym "badbullzvenom". He is one of two key figures behind this operation, the other being an individual known as "Jack". Their activities were first brought to lig
Cobalt Group	1	The Cobalt Group is a significant threat actor known for its financially-motivated cybercrime activities. This group, along with the Russian state-sponsored hacking group APT28, was responsible for almost half of all cybersecurity incidents in 2023, according to TechRadar. The Cobalt Group's modus o
FIN6	1	FIN6, also known as ITG08, Skelaton Spider, and MageCart, is a notorious threat actor that has been implicated in various cybercrime activities. The group gained notoriety for stealing credit cards through point-of-sale (POS) systems in retail and hospitality establishments, most notably in the Home

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Cybercrime

Maas

Esentire

Malware

Associated Malware

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
Golden Chickens	Unspecified	1	Golden Chickens, also known as More_eggs, is a sophisticated malware suite that was initially discovered in 2018. It is used by financially motivated cybercrime actors like the Cobalt Group and FIN6 to steal sensitive information such as intellectual property and geopolitical intelligence from compr
Venomkit	Unspecified	1	VenomKit is a malicious software (malware) that was released by badbullzvenom, also known as LUCKY, in 2017. The tool was developed with the intent to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites without the user's knowledge. Once inside a

Associated Threat Actors

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
No associations to display

Associated Vulnerabilities

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
No associations to display

Source Document References

Information about the Badbullzvenom Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source	CreatedAt	Title
CERT-EU	a year ago	High-severity Chrome vulnerabilities addressed
CERT-EU	a year ago	Golden Chickens malware developer unmasked
CERT-EU	a year ago	Minnesota VA medical center plagued with IT security gaps
CERT-EU	a year ago	Meet 'Jack' from Romania! Mastermind Behind Golden Chickens Malware
CERT-EU	a year ago	Researchers identify second developer behind Golden Chickens MaaS