Golden Chickens

Malware updated 16 days ago (2024-10-01T21:00:58.954Z)
Golden Chickens, also known as More_eggs, is a stealthy and capable malware suite primarily used by financially-motivated cybercrime groups such as the Cobalt Group and FIN6. The malware was initially discovered in 2018 and has been primarily targeting organizations in Southeast Asia, stealing sensitive information like intellectual property and geopolitical intelligence from compromised systems. Its distribution is attributed to Venom Spider, an underground Malware-as-a-Service (MaaS) provider also known as badbullzvenom, according to Trend Micro.

The threat actor behind Golden Chickens, Venom Spider, has been tracked down by Elite Threat Hunters. Identified as one of two criminals operating under the name "badbullzvenom" on the Russian-language Exploit.in forum, he has been characterized as the true mastermind behind the malware suite. His accomplice, known as "Chuck from Montreal," was found to have collaborated with him on the dark web from late 2012 to October 2013. Together, they released Multiplier and VenomKit in 2015 and 2017 respectively, which were later consolidated into Golden Chickens.

In a significant breakthrough, cybersecurity firm eSentire uncovered the identity of the second developer of the Golden Chickens malware, due to a fatal operational security blunder. Revealed on May 22, 2023, the second developer was identified as a Romanian named Jack, who also goes by the names Lucky and badbullzvenom. The unmasking of Jack's identity has provided valuable insight into the operations of the Golden Chickens malware, further aiding efforts to combat this persistent cyber threat.
Description last updated: 2024-10-01T20:16:11.027Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
Badbullzvenom is a possible alias for Golden Chickens. Badbullzvenom, also known as Lucky and Jack, is a Romanian threat actor identified by eSentire as the second developer of the Golden Chickens malware. This malware has been utilized by prominent cybercrime operations such as the Russian Cobalt Group and FIN6. The identification was reported on May 2 | 2
More_eggs is a possible alias for Golden Chickens. More_eggs, also known as Golden Chickens, is a dangerous malware suite used by financially-motivated cybercrime actors such as the Cobalt Group and FIN6. This malicious software is designed to infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge, a | 2
Venom Spider is a possible alias for Golden Chickens. Venom Spider is a potent and stealthy malware suite, operated by a threat actor of the same name. Identified by Elite Threat Hunters, Venom Spider, also known as badbullzvenom, operates under a Malware-as-a-Service (MaaS) model. This means that the malware is provided as a service to other cybercrim | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
MaaS
Malware
Backdoor