SHA256MediumSignal 100/100
cd27a31e618fe93df37603e5ece3352a91f27671ee73bdc8ce9ad793cad72a0f
First Seen
Nov 14, 2023
Last Seen
Jun 9, 2026
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
11 reports99% confidence
11
Source reports
99%
Confidence score
Category tags
abuseactive scanaes256affiliate programalienvault_ransomwareasahiattackbad reputationblack basta variantbotnetbotnet activitybrute forcechacha20command and controlcommand executioncredential accesscredential harvestingcredential stuffingcredential theftcrimedata encryptiondata exfiltrationdata leakdata store exposuredefense evasiondetect-debug-environmentdisruption of servicedistributed attacksdomaindouble extortionelectronic health recordselfemailencryptionexecutable fileexploitation activityextortionfilefile-hashfinancial gaingeniangolanggolden dawnhealth care and social assistancehealth information technologyhealthcare information systemshospital managementidentity & access exploitationimpactindicatorinfrastructure acquisitionreconnaissanceinitial accessinjection activityipv4 cidrlateral movementlinuxlockbitmalmalicious activitymalicious powershell activitymalicious softwaremalwaremedical servicesoperating systempatient carepayment demandphishingpowershellprivilege escalationprocess injectionqilinqilin ransomwareqilin ransomware activityqilin ransomware infectionraasransomransomhubransomwareresearchedrustscripting attacksservicesocial engineeringsuspsystem disruptiont1003t1005t1021.001t1027t1041t1047t1053t1055t1059t1059.001t1068t1069.001t1071t1071.001t1078t1082t1086t1105t1124t1133t1190t1204.002t1486t1489t1490t1496t1499.002t1499.003t1530t1535t1543_004t1547t1565t1566t1566.001t1566.002t1566.003t1566.004t1567t1573t1587.001t1590.001threat actortor nodevulnerability scanwindows
Activity Timeline
Jun 9Jun 9
Threat Activity Heatmap
· Peak: 2026-06-09LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
100
SIGNAL
Signal Score
99%
Confidence
11
Reports
First seenNov 14, 2023
Last seenJun 9, 2026
VirusTotal
Not checked
WHOIS
- description
- ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
- references
- https://en.wikipedia.org/wiki/Qilin_(cybercrime_group), https://www.genians.co.kr/blog/threat_intelligence/qilin, https://labs.inquest.net/iocdb, AGENDA-Qilin Ransomware Group IOCs.pdf, Agenda Ransomware File Name IOCs.pdf, Agenda Ransomware Detection Name IOCs.pdf, Blocked-indicators-67435cce.csv
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 2 years ago · Last seen 24 days ago
Appeared in 11 threat reports