Where to Find Aspiring Hackers

April 7, 2025, 8:04 a.m.

Description

This analysis focuses on Proton66, a bulletproof hosting network enabling cybercrime operations and serving as a hub for aspiring cybercriminals. It examines the activities of a threat actor known as 'Coquettte,' who is linked to the Horrid hacking group. The investigation reveals a fake cybersecurity website used for malware distribution, and explores Coquettte's broader criminal ventures, including a website allegedly providing guides for illegal activities. The research highlights Proton66's role as a breeding ground for amateur threat actors and provides insights into the malware infrastructure used by Coquettte, including the Rugmi/Penguish loader trojan. The analysis also uncovers connections to other domains and potential affiliations with a larger hacking collective.

Date

  • Created: April 4, 2025, 7:54 p.m.
  • Published: April 4, 2025, 7:54 p.m.
  • Modified: April 7, 2025, 8:04 a.m.

Attack Patterns

  • Rugmi
  • Penguish
  • Amadey - S1025
  • Rescoms
  • Lumma stealer
  • RecordBreaker
  • Vidar
  • Coquettte

Additional Information

  • Russian Federation