Venom Spider

Malware updated 5 months ago (2024-11-29T13:40:05.750Z)
Download STIX
Preview STIX
Venom Spider is a potent and stealthy malware suite, operated by a threat actor of the same name. Identified by Elite Threat Hunters, Venom Spider, also known as badbullzvenom, operates under a Malware-as-a-Service (MaaS) model. This means that the malware is provided as a service to other cybercriminals who can use it for their own malicious purposes. The malware suite is part of the Golden Chickens toolkit, which includes more_eggs, a powerful tool used extensively in cybercrime activities. More_eggs, also referred to as Golden Chickens, has been identified as the "cyber weapon of choice" for Russia-based cyber gangs, including FIN6 and Cobalt Group. These groups are notorious for their cybercrime activities, using the tools provided by Venom Spider to carry out their operations. eSentire, a cybersecurity company, revealed the identity of the individual behind the Venom Spider operation earlier this year, unmasking him as a Romanian man. The distribution methods for Venom Spider's malware vary, making it a versatile and unpredictable threat. Historically, a common denominator among different threat campaigns by Venom Spider is the backdoor technique, allowing unauthorized access into targeted systems. Countries like UAE and Saudi Arabia have become prime targets for these cyberattacks. The discovery of Venom Spider's identity marks a significant step in tracking and combating the cyber threats posed by this actor and the notorious Russian cyber gangs that utilize his services.
Description last updated: 2024-10-01T20:15:59.106Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Golden Chickens is a possible alias for Venom Spider. Golden Chickens, also known as More_eggs, is a stealthy and capable malware suite primarily used by financially-motivated cybercrime groups such as the Cobalt Group and FIN6. The malware was initially discovered in 2018 and has been primarily targeting organizations in Southeast Asia, stealing sensi
3
More_eggs is a possible alias for Venom Spider. More_eggs, also known as Golden Chickens, is a dangerous malware suite used by financially-motivated cybercrime actors such as the Cobalt Group and FIN6. This malicious software is designed to infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge, a
2
FIN6 is a possible alias for Venom Spider. FIN6, also known as ITG08, Skelaton Spider, and MageCart, is a notorious threat actor group associated with significant cyber-attacks. The group initially gained notoriety for successfully stealing credit cards through point of sale (POS) systems in retail and hospitality establishments, notably cau
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Maas
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Venom Malware is associated with Venom Spider. Venom is a malicious software (malware) that has been associated with the hacker group Seedworm since at least mid-2022. It was described by Microsoft as Seedworm’s “tool of choice,” often delivered via a custom build of Venom Proxy in its activities. The malware was used in conjunction with other tUnspecified
2
Source Document References
Information about the Venom Spider Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more