IOC Radar
SHA256MediumSignal 100/100

cd27a31e618fe93df37603e5ece3352a91f27671ee73bdc8ce9ad793cad72a0f

First Seen
Nov 14, 2023
Last Seen
Jun 9, 2026
Nov 14
First Seen
961d ago
Jun 9
Last Seen
24d ago
11
Reports
source reports
99%
Confidence
medium
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

41 techniques

Feed Intelligence Summary

11 reports99% confidence
11
Source reports
99%
Confidence score
Category tags
abuseactive scanaes256affiliate programalienvault_ransomwareasahiattackbad reputationblack basta variantbotnetbotnet activitybrute forcechacha20command and controlcommand executioncredential accesscredential harvestingcredential stuffingcredential theftcrimedata encryptiondata exfiltrationdata leakdata store exposuredefense evasiondetect-debug-environmentdisruption of servicedistributed attacksdomaindouble extortionelectronic health recordselfemailencryptionexecutable fileexploitation activityextortionfilefile-hashfinancial gaingeniangolanggolden dawnhealth care and social assistancehealth information technologyhealthcare information systemshospital managementidentity & access exploitationimpactindicatorinfrastructure acquisitionreconnaissanceinitial accessinjection activityipv4 cidrlateral movementlinuxlockbitmalmalicious activitymalicious powershell activitymalicious softwaremalwaremedical servicesoperating systempatient carepayment demandphishingpowershellprivilege escalationprocess injectionqilinqilin ransomwareqilin ransomware activityqilin ransomware infectionraasransomransomhubransomwareresearchedrustscripting attacksservicesocial engineeringsuspsystem disruptiont1003t1005t1021.001t1027t1041t1047t1053t1055t1059t1059.001t1068t1069.001t1071t1071.001t1078t1082t1086t1105t1124t1133t1190t1204.002t1486t1489t1490t1496t1499.002t1499.003t1530t1535t1543_004t1547t1565t1566t1566.001t1566.002t1566.003t1566.004t1567t1573t1587.001t1590.001threat actortor nodevulnerability scanwindows

Activity Timeline

1 total obs
Jun 9Jun 9

Threat Activity Heatmap

· Peak: 2026-06-09
Less
More
Mon
Wed
Fri
Jun
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
100
SIGNAL
Signal Score
99%
Confidence
11
Reports
First seenNov 14, 2023
Last seenJun 9, 2026

VirusTotal

Not checked

WHOIS

description
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
references
https://en.wikipedia.org/wiki/Qilin_(cybercrime_group), https://www.genians.co.kr/blog/threat_intelligence/qilin, https://labs.inquest.net/iocdb, AGENDA-Qilin Ransomware Group IOCs.pdf, Agenda Ransomware File Name IOCs.pdf, Agenda Ransomware Detection Name IOCs.pdf, Blocked-indicators-67435cce.csv

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 years ago · Last seen 24 days ago
Appeared in 11 threat reports