← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years
WHITE CyberHunter_NL 2026-05-28 Modified: 2026-05-28
15
IOCs
MEDIUM VOLUME
In late April 2026, a client reached out to us for incident response support after discovering a miner running on users’ computers. We later discovered that the malware was being distributed via illegal movie and TV show streaming sites. The infection chain leveraged a fake update for a video player plugin. When the user attempted to watch a video, the player displayed a message saying the plugin version was outdated and asking to install an update to continue.
malwarepe filedns queryrat agentgreat ideasaprilcpu minerboris larinkimsukyrussiamainexecutionxmrigjanelaratcorunabelarusoceanlotusvalleyrat
Indicators of Compromise (5 / 15 total)
All FileHash-MD5 IPv4 domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 000102030405060708090a0b0c0d0e0f 2026-05-28
FileHash-MD5 0123456789abcdef0123456789abcdef 2026-05-28
FileHash-MD5 02a43b3423367b9dddc24cc7dfc070df 2026-05-28
FileHash-MD5 6a0fe6065d76715feebc1526d456db73 2026-05-28
FileHash-MD5 7f624407ae489324e96a708a09c17e6f 2026-05-28