← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years
In late April 2026, a client reached out to us for incident response support after discovering a miner running on users’ computers. We later discovered that the malware was being distributed via illegal movie and TV show streaming sites. The infection chain leveraged a fake update for a video player plugin. When the user attempted to watch a video, the player displayed a message saying the plugin version was outdated and asking to install an update to continue.
Indicators of Compromise (15)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| FileHash-MD5 | 000102030405060708090a0b0c0d0e0f | — | 2026-05-28 | |
| FileHash-MD5 | 0123456789abcdef0123456789abcdef | — | 2026-05-28 | |
| FileHash-MD5 | 02a43b3423367b9dddc24cc7dfc070df | — | 2026-05-28 | |
| FileHash-MD5 | 6a0fe6065d76715feebc1526d456db73 | — | 2026-05-28 | |
| FileHash-MD5 | 7f624407ae489324e96a708a09c17e6f | — | 2026-05-28 | |
| IPv4 | 107.172.212.235 | CC=US ASN=AS36352 colocrossing | 2026-05-28 | |
| domain | 5d14vnfb.space | — | 2026-05-28 | |
| domain | jeaw520i.space | — | 2026-05-28 | |
| domain | kristina.quest | — | 2026-05-28 | |
| domain | m4yuri.online | — | 2026-05-28 | |
| domain | qdmagva5.space | — | 2026-05-28 | |
| domain | r7mvjl67.space | — | 2026-05-28 | |
| domain | urush1bar4.online | — | 2026-05-28 | |
| domain | zgj1tam9.space | — | 2026-05-28 | |
| hostname | file.ipfs.us.69.mu | — | 2026-05-28 |