Full Report
2025-04-04 • The Hacker News • Ravie Lakshmanan • win.rugmi
Analysis Summary
# Threat Actor: Coquettte
## Attribution & Identity
The threat actor is referred to as **Coquettte**.
## Activity Summary
The article suggests that Coquettte has been conducting malware campaigns that were recently exposed due to an operational security (OPSEC) failure involving their use of bulletproof hosting servers.
## Tactics, Techniques & Procedures
Specific TTPs were not detailed in the provided abstract, aside from the reliance on **bulletproof hosting servers** for operations.
## Targeting
- Sectors: Not specified in the abstract.
- Geography: Not specified in the abstract.
- Victims: Not specified in the abstract.
## Tools & Infrastructure
- Malware families used: **rugmi** (indicated by the Malpedia link `win.rugmi`).
- Infrastructure (C2, domains, IPs): Operations utilized **bulletproof hosting servers**. No specific URLs or IPs were provided.
## Implications
The OPSEC failure is significant as it exposed the infrastructure used by Coquettte for their malware campaigns, potentially disrupting or revealing the scope of their operations.
## Mitigations
The context implies that monitoring for, and disrupting, the use of bulletproof hosting for malicious C2 or malware distribution is the key defensive concern related to this actor.