More_eggs

Malware updated a month ago (2024-11-29T13:56:39.911Z)
More_eggs is a JavaScript backdoor and the best-known component of the Golden Chickens malware suite, which is why the two names are often used interchangeably. It is used by financially motivated cybercrime actors such as the Cobalt Group and FIN6. Delivered through phishing emails, malicious downloads and lure websites, usually without the victim noticing, it gives the operator remote access to the host, profiles the system and downloads further payloads; whatever data theft or follow-on malware results depends on what the operator chooses to deploy next. Its use was first observed as early as 2017 against targets including Russian financial institutions, mining firms and other multinational organizations.

Distribution relies heavily on social engineering and spear-phishing. Campaigns have targeted recruiters, opening with benign content to build trust before infecting their machines. Attackers have also sent phishing emails carrying .zip archives disguised as images to start a More_eggs infection. In a June campaign, LinkedIn was used to lure recruiters to a fake resume site that delivered the malware as a malicious .lnk shortcut file. The malware has also appeared in email campaigns targeting Russian businesses and in phony job offers sent to job seekers.

More_eggs is part of the Golden Chickens toolkit, which is sold by Venom Spider, an underground Malware-as-a-Service (MaaS) provider also known as badbullzvenom; eSentire reported that the person behind the VENOM SPIDER persona is a Romanian man. Organizations with managed detection and response (MDR) services can set up custom detection rules for specific threats such as More_eggs and automate the response to the resulting alerts. Attributing an individual More_eggs campaign to a particular customer of the service, such as TA4557, FIN6, the Cobalt Group or Evilnum, remains challenging because these groups share the same tooling and their activity overlaps.
Description last updated: 2024-10-01T20:15:45.683Z
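The description above mentions .zip lures disguised as images, a .lnk shortcut served from a fake resume site, and custom MDR detection rules. The following is an added example of the kind of attachment triage such a rule might perform; it is not code from this page, from eSentire, or from any vendor cited here. The risky and decoy extension lists and the sample archive are constructed assumptions for illustration; the shortcut header bytes (HeaderSize 0x4C followed by LinkCLSID 00021401-0000-0000-C000-000000000046) come from Microsoft's MS-SHLLINK format and let the check catch LNK content even when the file name claims to be an image.

```python
"""Triage a ZIP attachment for More_eggs-style delivery artefacts.

Added example (not the page's or any vendor's code). Flags:
  * members with shortcut/script extensions that execute on Windows;
  * decoy double extensions such as photo.jpg.lnk;
  * members whose bytes start with the Windows Shell Link header,
    regardless of the extension they carry.
"""
import io
import zipfile
from dataclasses import dataclass, field

# MS-SHLLINK: HeaderSize (0x0000004C) + LinkCLSID as a little-endian GUID.
LNK_MAGIC = bytes.fromhex("4c000000" "01140200" "00000000" "c000000000000046")

# Assumed lists for illustration; tune to your environment.
RISKY_EXTS = {".lnk", ".js", ".jse", ".wsf", ".vbs", ".vbe", ".hta", ".cmd", ".bat", ".ps1"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx", ".txt"}


@dataclass
class Finding:
    member: str
    reasons: list[str] = field(default_factory=list)


def _split_exts(name: str) -> list[str]:
    """Return every extension of the basename, lower-cased: a.jpg.lnk -> ['.jpg', '.lnk']."""
    base = name.rsplit("/", 1)[-1].lower()
    parts = base.split(".")
    return ["." + p for p in parts[1:]] if len(parts) > 1 else []


def triage_zip(data: bytes) -> list[Finding]:
    """Inspect every file member of an in-memory ZIP and collect reasons for suspicion."""
    findings: list[Finding] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons: list[str] = []
            exts = _split_exts(info.filename)
            if exts and exts[-1] in RISKY_EXTS:
                reasons.append(f"executable shortcut/script extension {exts[-1]}")
            if len(exts) >= 2 and exts[-2] in DECOY_EXTS and exts[-1] in RISKY_EXTS:
                reasons.append(f"decoy double extension {exts[-2]}{exts[-1]}")
            # Content check: only the first 20 bytes are needed for the LNK header.
            head = zf.open(info).read(len(LNK_MAGIC))
            if head == LNK_MAGIC:
                reasons.append("Windows Shell Link (LNK) header")
                if exts and exts[-1] != ".lnk":
                    reasons.append("LNK content with a non-.lnk extension")
            if reasons:
                findings.append(Finding(info.filename, reasons))
    return findings


def summarize(findings: list[Finding]) -> dict[str, list[str]]:
    """Map member name -> reasons, the shape an alert enrichment step would consume."""
    return {f.member: f.reasons for f in findings}


def build_sample_zip() -> bytes:
    """Constructed sample archive resembling the lures described; not a real capture."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("resume.pdf", b"%PDF-1.4 harmless placeholder")
        # LNK header plus filler; a real shortcut would carry a target and arguments.
        zf.writestr("photo.jpg.lnk", LNK_MAGIC + b"\x00" * 32)
        zf.writestr("invoice.png", LNK_MAGIC + b"\x00" * 32)  # LNK body behind an image name
        zf.writestr("readme.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample_zip()):
        print(finding.member, "->", "; ".join(finding.reasons))
```

Run against the constructed archive, the two shortcut members are flagged and the PDF and text members are not. The content check matters more than the extension check: a renamed .lnk still carries the header, and a filter that only looks at names would pass it through.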
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias (votes): description
TA4557 (2 votes): TA4557 is a threat actor designation used by Proofpoint, which tracks the group by its distinctive use of tools, campaign targeting, evasion measures, and controlled infrastructure. The group is particularly notable for its sophisticated spear-phishing strategy, wh
Venom Spider (2 votes): Venom Spider is a potent and stealthy malware suite, operated by a threat actor of the same name. Identified by Elite Threat Hunters, Venom Spider, also known as badbullzvenom, operates under a Malware-as-a-Service (MaaS) model. This means that the malware is provided as a service to other cybercrim
Golden Chickens (2 votes): Golden Chickens, also known as More_eggs, is a stealthy and capable malware suite primarily used by financially-motivated cybercrime groups such as the Cobalt Group and FIN6. The malware was initially discovered in 2018 and has been primarily targeting organizations in Southeast Asia, stealing sensi
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Malware
Cybercrime
Phishing
Loader
MaaS
Associated Threat Actors
Threat actor (association type, votes): description
FIN6 (association type unspecified, 2 votes): FIN6, also known as ITG08, Skeleton Spider, and MageCart, is a notorious threat actor group associated with significant cyber-attacks. The group initially gained notoriety for successfully stealing credit cards through point of sale (POS) systems in retail and hospitality establishments, notably cau
Source Document References
Information about the More_eggs Malware was read from the documents corpus below. This display is limited to 20 results.
Source (created at):
DARKReading (16 days ago)
DARKReading (3 months ago)
CERT-EU (10 months ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
InfoSecurity-magazine (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (2 years ago)
MITRE (2 years ago)
MITRE (2 years ago)
CERT-EU (2 years ago)
CERT-EU (2 years ago)
CERT-EU (2 years ago)
CERT-EU (2 years ago)
CERT-EU (2 years ago)