Amateur Hacker Leverages Bulletproof Hosting Server to Spread Malware
Essential information
- Published: 03/04/2025 17:18
- Modified: 03/04/2025 18:31
- Tags: 2025-04-03 amadey amateur hacker bulletproof hosting cybercrime incubator fake antivirus horrid collective illegal guides lumma stealer proton66 raccoon stealer v2 rescoms rugmi vidar
- Related entities: 6 observables, 1 intrusion set (APT), 13 techniques (MITRE), 6 malware, 1 other
Description
A novice cybercriminal, known as 'Coquettte', has been discovered using a Russian bulletproof hosting provider, Proton66, to distribute malware. The hacker's activities include deploying the Rugmi malware loader through a fake cybersecurity product website and selling guides for illegal substances and weapons. Coquettte is believed to be part of a loosely structured hacking collective called Horrid. The threat actor's infrastructure spans multiple domains and platforms, including GitHub, YouTube, and Last.fm. This network appears to serve as an incubator for aspiring cybercriminals, offering malware resources, hosting solutions, and a collaborative environment for underground hacking activities.