Golden Chickens

Malware Profile Updated 3 months ago
Golden Chickens, also known as More_eggs, is a malware-as-a-service (MaaS) suite first publicly reported in 2018. Its customers are financially motivated cybercrime groups such as Cobalt Group, FIN6 and Evilnum, which use it as a stealthy backdoor to gain a foothold in victim networks and steal sensitive information, including intellectual property, from compromised systems; reporting summarized on this page also describes theft of geopolitical intelligence and campaigns against organizations in Southeast Asia. The suite has been called the "cyber weapon of choice" of Russia-based cybercrime gangs. The people behind it were unmasked by eSentire's Threat Response Unit (TRU), which tied the badbullzvenom account on the Russian-language Exploit.in forum, the persona CrowdStrike tracks as VENOM SPIDER, to two developers. The first, known as "Chuck from Montreal", was identified in earlier eSentire reporting. The second, a Romanian man known as "Jack" (also "Lucky"), was identified in May 2023 after an operational security blunder and is characterized by eSentire as the true mastermind of the suite. Jack reportedly worked with Chuck on the dark web from late 2012 to October 2013, then released the Multiplier tool in 2015 and VenomKit in 2017, both of which were later consolidated into Golden Chickens. Knowing who develops and operates the service gives defenders a clearer picture of this persistent threat and may aid in its mitigation.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Lucky | 1 | "Lucky" is an alias of "Jack", the Romanian developer behind the Golden Chickens (More_eggs) malware suite, and not a separate malware family. The Lucky / badbullzvenom persona is associated with the tools later folded into the suite, such as VenomKit.
More_eggs | 1 | More_eggs, also known as Golden Chickens, is a malware suite utilized by financially motivated cybercrime actors such as Cobalt Group and FIN6. This malware-as-a-service (MaaS) offering has been identified as the "cyber weapon of choice" by Russia-based cyber gangs. It was first seen in email campai
FIN6 | 1 | FIN6, also known as ITG08 and Skeleton Spider, and linked to Magecart-style web-skimming activity, is a notorious threat actor that has been implicated in various cybercrime activities. The group gained notoriety for stealing credit cards through point-of-sale (POS) systems in retail and hospitality establishments, most notably in the Home
Venomkit | 1 | VenomKit is a tool released by badbullzvenom, also known as LUCKY, in 2017 and later consolidated into the Golden Chickens suite. It was developed to exploit and compromise computer systems, typically delivered through suspicious downloads, emails, or websites without the user's knowledge. Once inside a
Venom Spider | 1 | Venom Spider (VENOM SPIDER) is CrowdStrike's name for the threat actor behind the Golden Chickens (More_eggs) malware-as-a-service, i.e. the operators of the badbullzvenom persona, rather than a malware family in its own right. The suite it sells infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the ability to steal personal informa
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
MaaS
Cybercrime
Malware
eSentire
Antivirus
Associated Malware
ID | Type | Votes | Profile Description
EVILNUM | Unspecified | 1 | Evilnum is a malware family and associated threat group, first observed and reported in 2018, that targets financial technology companies and has been documented using tools bought from the Golden Chickens MaaS. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge, and can steal personal information, disrupt operations, or even ho
Taurus | Unspecified | 1 | In the context of Golden Chickens, "Taurus" most likely refers to Taurus Builder, a tool attributed to the badbullzvenom developers alongside Multiplier and VenomKit. It should not be confused with Stately Taurus, Iron Taurus and Starchy Taurus, which are Palo Alto Networks Unit 42 designations for Chinese state-sponsored APT groups unrelated to this malware suite.
Associated Threat Actors
ID | Type | Votes | Profile Description
ITG08 | Unspecified | 1 | ITG08 is a notable threat actor in the cybersecurity landscape, known for its malicious activities and strategic partnerships with other threat actors. This group has been linked to a series of attacks through Tactics, Techniques, and Procedures (TTPs) consistent with their known modus operandi. Whi
Badbullzvenom | Unspecified | 1 | Badbullzvenom is the Exploit.in forum handle used by the developers of the Golden Chickens malware, not a malware family itself. In May 2023, security firm eSentire identified the second developer behind the handle as a Romanian individual named Jack, also known by the alias Lucky. The Golden
Chuck From Montreal | Unspecified | 1 | "Chuck from Montreal" is a person, not a malware: one of the two key figures behind the criminal operation that was active on the Russian-language Exploit.in forum under the pseudonym "badbullzvenom", the other being an individual known as "Jack". Their activities were first brought to lig
Cobalt Group | Unspecified | 1 | The Cobalt Group is a significant threat actor known for its financially-motivated cybercrime activities. This group, along with the Russian state-sponsored hacking group APT28, was responsible for almost half of all cybersecurity incidents in 2023, according to TechRadar. The Cobalt Group's modus o
Skeleton Spider | Unspecified | 1 | Skeleton Spider is a financially motivated threat actor that has been observed targeting POS machines used by retailers in Europe and the U.S. This threat actor was first identified two years ago and goes by other names such as FIN6 or ITG08. It employs the Golden Chickens service to anchor its intr
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Golden Chickens malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | a year ago | Researchers Identify Second Developer of ‘Golden Chickens’ Malware
CERT-EU | a year ago | Golden Chickens malware developer unmasked
CERT-EU | a year ago | Researchers Uncover Real Identity of CypherRAT and CraxsRAT Malware Developer
CERT-EU | a year ago | Minnesota VA medical center plagued with IT security gaps
CERT-EU | a year ago | Security Operations Center (SOC) | Security Operations Centers
CERT-EU | 7 months ago | Hiring? New scam campaign means ‘resume’ downloads may contain malware
CERT-EU | a year ago | High-severity Chrome vulnerabilities addressed
CERT-EU | a year ago | Researchers identify second developer behind Golden Chickens MaaS
CERT-EU | a year ago | Meet 'Jack' from Romania! Mastermind Behind Golden Chickens Malware