Chuck From Montreal

Threat Actor Profile Updated 15 days ago
"Chuck from Montreal" is a malware, part of a criminal operation that was active on the Russian-language Exploit.in forum under the pseudonym "badbullzvenom". He is one of two key figures behind this operation, the other being an individual known as "Jack". Their activities were first brought to light by cybersecurity firm eSentire in August 2022, when they revealed the real-world identity of "Chuck from Montreal", a Moldavian national residing in Canada. This revelation followed extensive research into the activities of these individuals who had been operating on various underground forums since around 2013. The partnership between "Chuck from Montreal" and "Jack" appears to have formed sometime between late 2012 and October 4, 2013. This conclusion is based on a message posted from Chuck's badbullz account on the Lampeduza forum, which contained contact information associated with "Jack", also known as "LUCKY". The duo's operations involved the distribution of the Golden Chickens Malware-as-a-Service (MaaS), with Jack characterized as the true mastermind behind it. Both individuals used multiple aliases across different platforms to obfuscate their identities and activities. "Jack" has reportedly gone to great lengths to make the Golden Chickens malware undetectable by most antivirus companies, allowing only a small number of customers to buy access to the MaaS. This strategic move has made their operation particularly difficult to track and counter. The discovery of the Jabber ID associated with "LUCKY" eventually led Threat Response Unit (TRU) researchers to uncover the real threat actor behind both "LUCKY" and "Chuck from Montreal". Despite these revelations, both individuals have shown a high level of sophistication in disguising their identities and evading detection.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Chuck From Montreal Threat Actor was read from the documents corpus below.
Source | Created At | Title
CERT-EU | a year ago | Meet 'Jack' from Romania! Mastermind Behind Golden Chickens Malware
CERT-EU | a year ago | Researchers identify second developer behind Golden Chickens MaaS