Chuck From Montreal

Threat Actor Profile Updated 2 months ago
"Chuck from Montreal" is a threat actor, part of a criminal operation that was active on the Russian-language Exploit.in forum under the pseudonym "badbullzvenom". He is one of two key figures behind this operation, the other being an individual known as "Jack". Their activities were first brought to light by cybersecurity firm eSentire in August 2022, when they revealed the real-world identity of "Chuck from Montreal", a Moldavian national residing in Canada. This revelation followed extensive research into the activities of these individuals, who had been operating on various underground forums since around 2013.

The partnership between "Chuck from Montreal" and "Jack" appears to have formed sometime between late 2012 and October 4, 2013. This conclusion is based on a message posted from Chuck's badbullz account on the Lampeduza forum, which contained contact information associated with "Jack", also known as "LUCKY". The duo's operations involved the distribution of the Golden Chickens Malware-as-a-Service (MaaS), with Jack characterized as the true mastermind behind it. Both individuals used multiple aliases across different platforms to obfuscate their identities and activities.

"Jack" has reportedly gone to great lengths to make the Golden Chickens malware undetectable by most antivirus companies, allowing only a small number of customers to buy access to the MaaS. This strategic move has made their operation particularly difficult to track and counter.

The discovery of the Jabber ID associated with "LUCKY" eventually led Threat Response Unit (TRU) researchers to uncover the real threat actor behind both "LUCKY" and "Chuck from Montreal". Despite these revelations, both individuals have shown a high level of sophistication in disguising their identities and evading detection.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Badbullzvenom | 1 | Badbullzvenom, a malware associated with the notorious Golden Chickens operation, has been traced back to its developers. In May 2023, security firm eSentire identified the second developer of the malware as a Romanian individual named Jack, also known by aliases Lucky and badbullzvenom. The Golden
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Esentire
Maas
Malware
Antivirus
Associated Malware
ID | Type | Votes | Profile Description
Golden Chickens | Unspecified | 1 | Golden Chickens, also known as More_eggs, is a sophisticated malware suite that was initially discovered in 2018. It is used by financially motivated cybercrime actors like the Cobalt Group and FIN6 to steal sensitive information such as intellectual property and geopolitical intelligence from compr
Lucky | Unspecified | 1 | "Lucky" is a malicious software (malware) that has been compromising systems, causing significant disruptions and potential data loss. This malware infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, it can steal personal inform
Badbullz | Unspecified | 1 | Badbullz is a malicious software (malware) that poses significant threats to computer systems and user data. It is associated with two threat actors, known by their aliases "LUCKY" and "Chuck from Montreal". The duo utilized the Badbullz and Badbullzvenom accounts to exploit unsuspecting victims, in
Venomkit | Unspecified | 1 | VenomKit is a malicious software (malware) that was released by badbullzvenom, also known as LUCKY, in 2017. The tool was developed with the intent to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites without the user's knowledge. Once inside a
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Chuck From Montreal Threat Actor was read from the documents corpus below.
Source | Created At | Title
CERT-EU | a year ago | Researchers identify second developer behind Golden Chickens MaaS
CERT-EU | a year ago | Meet 'Jack' from Romania! Mastermind Behind Golden Chickens Malware