SYMBOLCOMMON_NAMEaka. SYNONYMS

VENOM SPIDER  (Back to overview)

aka: badbullz, badbullzvenom

VENOM SPIDER is the developer of a large toolset that includes SKID, VenomKit and Taurus Loader. Under the moniker 'badbullzvenom', the adversary has been an active member of Russian underground forums since at least 2012, specializing in the identification of vulnerabilities and the subsequent development of tools for exploitation, as well as for gaining and maintaining access to victim machines and carding services. Recent advertisements for the malware indicate that VENOM SPIDER limits the sale and use of its tools, selling modules only to trusted affiliates. This preference can be seen in the fact that adversaries observed using the tools include the targeted criminal adversary COBALT SPIDER and BGH adversaries WIZARD SPIDER and PINCHY SPIDER.

Associated Families
win.terra_recon win.terra_stealer win.terra_tv js.more_eggs
References
2024-06-10The Hacker NewsRavie Lakshmanan
More_eggs Malware Disguised as Resumes Targets Recruiters in Phishing Attack
More_eggs
2023-05-22eSentireJoe Stewart, Keegan Keplinger
The Hunt for VENOM SPIDER PART 2
VENOM SPIDER
2023-04-20SecuronixDen Iyzvyk, Oleg Kolesnikov, Tim Peck
New OCX#HARVESTER Attack Campaign Leverages a Modernized More_eggs Suite to Target Victims
More_eggs
2023-03-10Security0wnageSecurity0wnage
How Do You Like Dem Eggs? I like Mine Scrambled, Really Scrambled - A Look at Recent more_eggs Samples
More_eggs
2023-01-24eSentireJoe Stewart, Keegan Keplinger
Unmasking Venom Spider
More_eggs TerraPreter TerraLoader VenomLNK
2022-08-25ExpelAndrew Jerry, Kyle Pellett
MORE_EGGS and Some LinkedIn Resumé Spearphishing
More_eggs
2022-04-21eSentireeSentire Threat Response Unit (TRU)
Hackers Spearphish Corporate Hiring Managers with Poisoned Resumes, Infecting Them with the More_Eggs Malware, Warns eSentire
More_eggs TerraLoader VenomLNK
2021-07-22MinervaMinerva Labs
Taurus Loader: User-Guided Infection
TerraTV
2021-04-05eSentireeSentire
Hackers Spearphish Professionals on LinkedIn with Fake Job Offers, Infecting them with Malware, Warns eSentire
More_eggs TerraPreter TerraLoader VenomLNK
2020-09-03Twitter (@Arkbird_SOLG)Arkbird
Tweet on development in more_eggs
More_eggs
2020-07-20QuoIntelligence
Golden Chickens: Evolution Oof the MaaS
More_eggs TerraLoader TerraStealer VenomLNK
2020-07-10Github (eset)Matías Porolli
Evilnum — Indicators of Compromise
EVILNUM More_eggs EVILNUM TerraStealer
2020-07-09ESET ResearchMatías Porolli
More evil: A deep look at Evilnum and its toolset
EVILNUM More_eggs EVILNUM TerraPreter TerraStealer TerraTV Evilnum
2020-06-24Twitter (@3xp0rtblog)3xp0rt
Tweet on new version of TaurusStealer (v1.4)
TerraStealer
2020-06-04Chianxin Virus Response Center
脚本系贼寇之风兴起,买卖体系堪比勒索软件
EVILNUM More_eggs
2020-04-07SecurityIntelligenceOle Villadsen
ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework
More_eggs Anchor TrickBot
2020-03-04CrowdStrikeCrowdStrike
2020 CrowdStrike Global Threat Report
MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER
2020-02-13QianxinQi Anxin Threat Intelligence Center
APT Report 2019
Chrysaor Exodus Dacls VPNFilter DNSRat Griffon KopiLuwak More_eggs SQLRat AppleJeus BONDUPDATER Agent.BTZ Anchor AndroMut AppleJeus BOOSTWRITE Brambul Carbanak Cobalt Strike Dacls DistTrack DNSpionage Dtrack ELECTRICFISH FlawedAmmyy FlawedGrace Get2 Grateful POS HOPLIGHT Imminent Monitor RAT jason Joanap KerrDown KEYMARBLE Lambert LightNeuron LoJax MiniDuke PolyglotDuke PowerRatankba Rising Sun SDBbot ServHelper Snatch Stuxnet TinyMet tRat TrickBot Volgmer X-Agent Zebrocy
2020-01-27QuoScientQuoScient
The Chicken Keeps Laying New Eggs: Uncovering New GC MaaS Tools Used By Top-tier Threat Actors
TerraRecon TerraStealer TerraTV VenomLNK
2020-01-01SecureworksSecureWorks
GOLD KINGSWOOD
More_eggs ATMSpitter Cobalt Strike CobInt MimiKatz Cobalt
2020-01-01SecureworksSecureWorks
GOLD KINGSWOOD
More_eggs ATMSpitter Cobalt Strike CobInt MimiKatz
2019-08-29Security IntelligenceJoey Victorino, Kevin Henson, Melissa Frydrych, Ole Villadsen
More_eggs, Anyone? Threat Actor ITG08 Strikes Again
More_eggs FIN6
2019-06-04BitdefenderBitdefender
An APT Blueprint: Gaining New Visibility into Financial Threats
More_eggs Cobalt Strike
2019-02-21ProofpointProofpoint Threat Insight Team
Fake Jobs: Campaigns Delivering More_eggs Backdoor via Fake Job Offers
More_eggs
2018-10-17MITRE ATT&CKMITRE
Software Description: More_eggs
More_eggs
2018-10-08MorphisecMichael Gorelik
Cobalt Group 2.0
More_eggs
2018-09-27SecureworksCounter Threat Unit ResearchTeam
Cybercriminals Increasingly Trying to Ensnare the Big Financial Fish
More_eggs Cobalt
2018-08-30NetScoutASERT Team
Double the Infection, Double the Fun
More_eggs CobInt
2018-07-31Cisco TalosVanja Svajcer
Multiple Cobalt Personality Disorder
More_eggs
2018-03-02ReaqtaReaqta
Spear-phishing campaign leveraging on MSXSL
More_eggs
2017-11-20Trend MicroFyodor Yarochkin, Lenart Bermejo, Ronnie Giagone
Cobalt Strikes Again: Spam Runs Use Macros and CVE-2017-8759 Exploit Against Russian Banks
More_eggs Cobalt
2017-08-07Trend MicroFyodor Yarochkin, Lenart Bermejo, Ronnie Giagone, Rubio Wu
Backdoor-carrying Emails Set Sights on Russian-speaking Businesses
More_eggs
Credits: MISP Project