Golden Chickens

Malware updated 5 months ago (2024-11-29T13:56:41.007Z)
Golden Chickens, also known as More_eggs, is a stealthy and capable malware suite used primarily by financially motivated cybercrime groups such as the Cobalt Group and FIN6. First discovered in 2018, it has mainly targeted organizations in Southeast Asia, stealing sensitive information such as intellectual property and geopolitical intelligence from compromised systems. According to Trend Micro, its distribution is attributed to Venom Spider, an underground Malware-as-a-Service (MaaS) provider also known as badbullzvenom.

The threat actor behind Golden Chickens, Venom Spider, has been tracked down by Elite Threat Hunters. Identified as one of two criminals operating under the name "badbullzvenom" on the Russian-language Exploit.in forum, he has been characterized as the true mastermind behind the malware suite. His accomplice, known as "Chuck from Montreal," was found to have collaborated with him on the dark web from late 2012 to October 2013. Together they released Multiplier in 2015 and VenomKit in 2017, which were later consolidated into Golden Chickens.

In a significant breakthrough, cybersecurity firm eSentire uncovered the identity of the second developer of Golden Chickens after a fatal operational security blunder on the developer's part. Revealed on May 22, 2023, the second developer was identified as a Romanian named Jack, who also goes by the names Lucky and badbullzvenom. Unmasking Jack's identity has provided valuable insight into the operations of the Golden Chickens malware, further aiding efforts to combat this persistent cyber threat.
Description last updated: 2024-10-01T20:16:11.027Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias: Badbullzvenom
Votes: 3
Badbullzvenom is a possible alias for Golden Chickens. Badbullzvenom, also known as Lucky and Jack, is a Romanian threat actor identified by eSentire as the second developer of the Golden Chickens malware. This malware has been utilized by prominent cybercrime operations such as the Russian Cobalt Group and FIN6. The identification was reported on May 2

Alias: Venom Spider
Votes: 3
Venom Spider is a possible alias for Golden Chickens. Venom Spider is a potent and stealthy malware suite, operated by a threat actor of the same name. Identified by Elite Threat Hunters, Venom Spider, also known as badbullzvenom, operates under a Malware-as-a-Service (MaaS) model. This means that the malware is provided as a service to other cybercrim

Alias: More_eggs
Votes: 2
More_eggs is a possible alias for Golden Chickens. More_eggs, also known as Golden Chickens, is a dangerous malware suite used by financially-motivated cybercrime actors such as the Cobalt Group and FIN6. This malicious software is designed to infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge, a
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
MaaS
Backdoor
Loader
Associated Malware
Malware: EVILNUM
Association type: Unspecified
Votes: 2
The EVILNUM Malware is associated with Golden Chickens. Evilnum is a form of malware, first observed and reported in 2018, that is designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge, and can steal personal information, disrupt operations, or even ho

Malware: Venom
Association type: Unspecified
Votes: 2
The Venom Malware is associated with Golden Chickens. Venom is a malicious software (malware) that has been associated with the hacker group Seedworm since at least mid-2022. It was described by Microsoft as Seedworm's "tool of choice," often delivered via a custom build of Venom Proxy in its activities. The malware was used in conjunction with other t
Associated Threat Actors
Threat actor: Cobalt Group
Association type: Unspecified
Votes: 2
The Cobalt Group Threat Actor is associated with Golden Chickens. The Cobalt Group is a significant threat actor known for its financially-motivated cybercrime activities. This group, along with the Russian state-sponsored hacking group APT28, was responsible for almost half of all cybersecurity incidents in 2023, according to TechRadar. The Cobalt Group's modus o