{
	"id": "0d74693a-0163-4327-91f5-1a87b48eaa99",
	"created_at": "2026-04-06T00:11:06.069892Z",
	"updated_at": "2026-04-10T13:11:23.893791Z",
	"deleted_at": null,
	"sha1_hash": "1f9f69282533bedc022d0993cdd6555265db8058",
	"title": "LevelBlue - Open Threat Exchange",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 353819,
	"plain_text": "LevelBlue - Open Threat Exchange\r\nBy Superpro\r\nArchived: 2026-04-02 11:54:22 UTC\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:TerraRecon\r\nPage 1 of 5\n\nGolden Chickens Unveils TerraStealerV2 and TerraLogger: New Credential Theft Tools\r\nIdentified by Insikt Group\r\nFileHash-MD5: 17 | FileHash-SHA1: 17 | FileHash-SHA256: 18 | URL: 2 | Domain: 3\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:TerraRecon\r\nPage 2 of 5\n\nA recent campaign led by the financially motivated group Golden Chickens (aka Venom Spider) has introduced\r\ntwo new malware strains: TerraStealerV2 and TerraLogger. These tools are distributed under a Malware-as-a-Service (MaaS) model and aim to compromise systems through phishing lures, often disguised as job resumes or\r\nAPI documentation. Payloads are embedded in .LNK, .DLL, and .EXE formats and delivered via deceptive file-sharing platforms.\r\n212 Subscribers\r\n840 Subscribers\r\neSentire | Unmasking VENOM SPIDER\r\nFileHash-MD5: 2 | FileHash-SHA1: 2 | FileHash-SHA256: 4 | Domain: 11\r\nMicrosoft's eSentire offers a comprehensive range of security services, including multi-signal MDR services for\r\nsmall and medium businesses, and a dedicated Cyber Risk Advisor for executive meeting support for business\r\nleaders.\r\n840 Subscribers\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:TerraRecon\r\nPage 3 of 5\n\nThreat Research | FireEye Inc\r\nFind out more about FireEye.com, the world's leading cyber security company, which provides security services to\r\nmore than 1.5 million customers across the globe, and offers a wide range of products and services.\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:TerraRecon\r\nPage 4 of 5\n\n17 Subscribers\r\n1,344 Subscribers\r\n373,203 Subscribers\r\nSource: https://otx.alienvault.com/browse/pulses?q=tag:TerraRecon\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:TerraRecon\r\nPage 5 of 5\n\nGolden Chickens Identified Unveils TerraStealerV2 by Insikt Group and TerraLogger: New Credential Theft Tools\nFileHash-MD5: 17 | FileHash-SHA1: 17 | FileHash-SHA256: 18 | URL: 2 | Domain: 3\n  Page 2 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://otx.alienvault.com/browse/pulses?q=tag:TerraRecon"
	],
	"report_names": [
		"pulses?q=tag:TerraRecon"
	],
	"threat_actors": [
		{
			"id": "f5c90ccc-0f18-4e07-a246-b62101ab2f6f",
			"created_at": "2023-01-06T13:46:38.854407Z",
			"updated_at": "2026-04-10T02:00:03.122844Z",
			"deleted_at": null,
			"main_name": "GC02",
			"aliases": [
				"Golden Chickens",
				"Golden Chickens02",
				"Golden Chickens 02"
			],
			"source_name": "MISPGALAXY:GC02",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "f2fa9952-301f-4376-ac69-743d6f2bec1e",
			"created_at": "2023-01-06T13:46:39.122721Z",
			"updated_at": "2026-04-10T02:00:03.22231Z",
			"deleted_at": null,
			"main_name": "VENOM SPIDER",
			"aliases": [
				"badbullz",
				"badbullzvenom"
			],
			"source_name": "MISPGALAXY:VENOM SPIDER",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "88802a4b-5b3d-42ee-99e6-8a4f5fd231f6",
			"created_at": "2023-01-06T13:46:38.851345Z",
			"updated_at": "2026-04-10T02:00:03.121861Z",
			"deleted_at": null,
			"main_name": "GC01",
			"aliases": [
				"Golden Chickens",
				"Golden Chickens01",
				"Golden Chickens 01"
			],
			"source_name": "MISPGALAXY:GC01",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "7a257844-df90-4bd4-b0f1-77d00ff82802",
			"created_at": "2022-10-25T16:07:24.376356Z",
			"updated_at": "2026-04-10T02:00:04.964565Z",
			"deleted_at": null,
			"main_name": "Venom Spider",
			"aliases": [
				"Golden Chickens",
				"TA4557",
				"Venom Spider"
			],
			"source_name": "ETDA:Venom Spider",
			"tools": [
				"More_eggs",
				"PureLocker",
				"SONE",
				"SpicyOmelette",
				"StealerOne",
				"Taurus Builder",
				"Taurus Builder Kit",
				"Taurus Loader",
				"Taurus Loader Reconnaissance Module",
				"Taurus Loader Stealer Module",
				"Taurus Loader TeamViewer Module",
				"Terra Loader",
				"TerraCrypt",
				"TerraLogger",
				"TerraPreter",
				"TerraRecon",
				"TerraStealer",
				"TerraTV",
				"TerraWiper",
				"ThreatKit",
				"VenomKit",
				"VenomLNK",
				"lite_more_eggs"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434266,
	"ts_updated_at": 1775826683,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/1f9f69282533bedc022d0993cdd6555265db8058.pdf",
		"text": "https://archive.orkl.eu/1f9f69282533bedc022d0993cdd6555265db8058.txt",
		"img": "https://archive.orkl.eu/1f9f69282533bedc022d0993cdd6555265db8058.jpg"
	}
}