Badbullzvenom

Threat Actor Profile Updated 16 days ago
Badbullzvenom, a malware associated with the notorious Golden Chickens operation, has been traced back to its developers. In May 2023, security firm eSentire identified the second developer of the malware as a Romanian individual named Jack, also known by the aliases Lucky and badbullzvenom. The Golden Chickens malware has been used in cybercrime operations by groups such as the Russian Cobalt Group and FIN6. This malware is designed to exploit and damage computer systems and is capable of stealing personal information, disrupting operations, or even holding data hostage for ransom.

The alias badbullzvenom became a subject of interest in July 2022, when another threat actor, "babay," accused him of theft and issued a bounty for information leading to his real identity. Further investigation revealed that Jack, aka Lucky, shared the badbullz and badbullzvenom accounts with a Montreal-based cybercriminal known as "Chuck." It was speculated that Jack brokered a deal with Chuck to use these aliases on various underground forums to evade his notoriety as a ripper.

Jack's activities can be traced back to 2015, when he released a tool called MULTIPLIER via the badbullzvenom account. In 2017, under the same alias, he released another tool called VenomKit, which later evolved into the Golden Chickens Malware-as-a-Service (MaaS). Both tools contributed significantly to his credibility in the cybercrime community. Ultimately, eSentire characterized Jack as the true mastermind behind the Golden Chickens operation.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Badbullzvenom Threat Actor was read from the documents corpus below.
| Source | Created At | Title |
|---|---|---|
| CERT-EU | a year ago | Meet 'Jack' from Romania! Mastermind Behind Golden Chickens Malware |
| CERT-EU | a year ago | Researchers identify second developer behind Golden Chickens MaaS |
| CERT-EU | a year ago | High-severity Chrome vulnerabilities addressed |
| CERT-EU | a year ago | Golden Chickens malware developer unmasked |
| CERT-EU | a year ago | Minnesota VA medical center plagued with IT security gaps |